The standard sets out several requirements that must be met. These vary, but most organisations will already be fulfilling some of them to a greater or lesser extent. For example, you must have in place mechanisms for maintaining the physical security of the equipment that stores data, record keeping on data destruction, and controls that allow you to process and analyse data securely and in accordance with your contractual obligations.
There are some requirements that organisations will find more awkward to achieve if they are unfamiliar with the international standard; QCS can help you with these and train your staff to be able to take your certification forward.
Gaining certification is so much more than a badge. It requires you to self-examine and to commit to improvement in your organisation’s processes. It will also provide you with a framework for understanding the key risks you face and for developing strategies to manage them and take advantage of them.
The first stage will be to review your current arrangements against the clauses of the standard – this will highlight what gaps you have and what you might have to do to gain certification. Some of the gaps can take several months to fill, as a certification body (the organisation that awards you ISO 27001) will want to see that the systems you have put in place are operating and that there is evidence they have been doing so for some time.
QCS can complete a gap analysis for you if you wish and we can then supply you with the training and support to deliver the identified actions.
The types of things you might have to do include (not exhaustive):
- A review of risks and opportunities and how you manage these
- Setting and delivering key business objectives and targets
- Introducing robust measures for the physical protection of data and information you hold
- A mechanism for dealing with data breaches or when things go wrong
- A system for dealing with personnel and personnel changes
- Internal auditing
- Meetings and review to monitor progress and decide upon next steps