The International Standard for Information Security
What is it?
ISO 27001 is the international standard for Information Security. It is often a requirement of clients that want to do business with you, and an internationally recognised, accredited certification is required. Examples include a UKAS-accredited certificate in the UK and an ANAB-accredited certificate in the US. Read the ISO 27001 FAQ.
Do it your way – documents, templates and guides
Let us take care of it – fully managed service
We have a 5-star ⭐⭐⭐⭐⭐ Google rating.
Specialist | Start-up, early-stage and growth businesses are our niche. Our clients are in Financial Services, FinTech, Software Development and Charities.
Experience | Over 20 years' experience delivering hundreds of engagements.
HIGH TABLE operates around the globe with clients in America, Canada, Australia, Europe and the UK.
We specialise in start-up, early-stage and growth businesses and excel with Financial Services, FinTech and Software Development companies.
So much more
As well as delivering ISO 27001, we also specialise in SOC 2 Type 2 and SOC 2 Type 1. We work in partnership with our clients as their on-demand Information Security Manager, giving them cost-effective access to world-class resources while paying only for what they need.
Your ISO 27001 certification, your way
We are flexible in how we support you. We know that one size does not fit all. You are unique, and what you need is unique. We support everything from a fully DIY approach, providing document packs, guidance and oversight, all the way to fully managing the ISO 27001 certification for you.
Watch how we are going to deliver ISO 27001
Watch this short 30-second video on how we are going to deliver ISO 27001.
ISO 27001 FAQ
ISO 27001 is the name and designation given to the international standard for information security. It defines an information security management system: a series of information security policies, documents, controls and processes for the management of information security. As a standard, you can be assessed against it and a certificate can be issued to demonstrate that you meet its requirements.
There are two goals for the ISO 27001 standard. The first is to provide a benchmark and framework against which businesses can operate to best practice in information security protection. The second is to demonstrate, through independent certification, that a business meets the requirements of the international standard for information security and thereby provide assurance that the business is operating to a certain level.
ISO 27001 can provide a framework to satisfy aspects of GDPR, especially around principle 6 (maintaining adequate security). It does not make you GDPR compliant and it does not satisfy all of the requirements of the GDPR. Consider it a complementary standard and complementary framework.
At the time of writing, ISO/IEC 27001:2013 is the most current version of the standard and incorporates the changes made in 2017.
The easiest way is to request a copy of their most up-to-date certificate and scope statement. Check the date of the certificate to ensure that it is still valid. The certificate will tell you the name of the certification body; you can then search that certification body's website for its register of certified companies.
In general, no. It can be a requirement of a regulatory body or of a contract, but it is not a legal requirement in the widest sense of the law, unlike the GDPR, which is a law.
ISO 27001 is only mandatory if an industry regulator mandates it or a contract between you and a customer or supplier mandates it. It is a risk-based framework, and as such even the controls within the standard are not mandatory.
The ISO 27001 standard and ISO 27001 certification apply to any business that wants to operate to it and demonstrate best practice for information security management. The number one reason we see a business adopt the ISO 27001 certification is for commercial gain and as a result of being asked for it by a customer on which a commercial contract rests.
Yes. ISO 27001 is a framework made up of policies, documents, controls and processes. It is a risk-based framework with continual improvement at its heart, and it requires top-level leadership commitment.