ISO 27001 is a pretty dry subject, we get it, and a bit of a minefield. Especially if you’re at the beginning of your journey.
But if you’re a small business and want to win those meaty clients, you’re going to need it. These days, bigger companies expect their providers to be ISO 27001 certified, and that’s why we’re going to tell you how to get your certification nailed, pronto, without breaking the bank.
So, if you’re trying to suss it out in Sydney, feeling mystified in Melbourne or banging your head against a brick wall in Brisbane, or wherever you are in Australia, I am going to show you how to get ISO 27001 certified.
By the time you’ve reached the end of this blog, you’ll know everything you should about the certification process (even the top secrets that no one in the industry wanted you to know!).
Table of contents
- What Is ISO 27001?
- Who Needs ISO 27001?
- How will ISO 27001 benefit my business?
- How do I get ISO 27001 certification in Australia?
- Australian ISO 27001 secrets exposed
- Can I get ISO 27001 certified myself?
- What is the ISO 27001 certification process in Australia?
- How much does ISO 27001 certification cost in Australia?
- ISO 27001 Australia Implementation Options
- How long does it take to get ISO 27001 certified?
- Does ISO 27001 expire?
- Certified ISO 27001 Maestro
What Is ISO 27001?
ISO 27001 is the leading international standard for information security. Simply put, it’s a set of guidelines and best practices designed to help companies keep their sensitive data safe.
Who Needs ISO 27001?
Any organisation that handles personal information, financial data or intellectual property should implement ISO 27001. Basically, if you handle any kind of confidential information (and let’s be real, who doesn’t these days?) you need ISO 27001 certification.
If you’re a small business, you probably have that nagging feeling that you should have ISO 27001 but assume you can’t afford it. Am I right? Well, you can, but we’ll come back to that later.
How will ISO 27001 benefit my business?
Cyber security threats are rife in today’s world, so by investing in ISO 27001 certification you’ll build trust with your existing and potential clients by showing them that you give a sh*t about information security and, ultimately, their business.
Will ISO 27001 make you more credible? Yes, but let’s get the winning benefit out there: there’s a commercial advantage. Jumping into bed with ISO 27001 increases your chances of winning bigger business, as larger organisations tend to make ISO 27001 certification a standard requirement and won’t touch you unless you have it. So that big tender you’ve had your eye on… You’ve got to be in it to win it!
How do I get ISO 27001 certification in Australia?
The easiest and fastest way to get ISO 27001 certified here in Australia is to download the ISO 27001 toolkit and follow the How to Implement ISO 27001: A Step-By-Step Guide.
It’s one of life’s no-brainers.
Another option is to bring in a trusted ISO 27001 expert who will coach you through the process, without dragging it out or overcharging.
If you are confused, you should book your FREE, No Obligation ISO 27001 Strategy Session but be warned, this is strictly for people who are hungry to get ISO 27001 certified up to 10x faster, 30x cheaper.
Australian ISO 27001 secrets exposed
The number one Australian ISO 27001 secret, and the answer to the question we get asked all the time, is this: it is exactly the same as everywhere else. Exactly the same. There is no difference because you are in Australia. Shocking? Not really, as it is an International Standard.
The next secret is that consultants will tell you that you need to hire them to get certified, which will cost you an arm and a leg and take way longer than it needs to. (Because they want you to part with as much of your hard-earned cash as possible!) Why do we know this? Because we’ve been those consultants (hey, it was our job!). Guess what? You don’t.
At High Table we have turned the ISO 27001 process on its head. We decided to do things differently and combine 20 years’ experience, knowledge and wisdom and offer something unheard of in the ISO 27001 space: value. Why? Because we’re the ISO 27001 people, and we’re sick of other providers alienating smaller businesses like yours by charging silly money for something that can be done on a budget.
Can I get ISO 27001 certified myself?
Hell to the YES you can DIY your ISO 27001 certification. Don’t listen to anyone who tells you otherwise. It’s not for the faint-hearted, but the great news is, there is a shortcut. You can get certified yourself, with a little help from High Table. All you need is the ISO 27001 Toolkit. This toolkit is designed to save businesses like yours time, money and stress. We’ve perfected the certification process to empower you to do it yourself – genius, isn’t it? Goodbye money-grabbing consultants.
What is the ISO 27001 certification process in Australia?
Whether you’re in Perth, Adelaide or the Gold Coast, or on the other side of the world, the ISO 27001 process is the same. To get certified you must follow these steps:
- Identify the information assets that need protection and the processes that need to be included in the Information Security Management System (ISMS).
- Identify the risks to the information assets and evaluate their impact. This helps to prioritise which risks to address first and what controls to implement.
- Once the controls have been identified, the organisation needs to implement them.
- Conduct internal audits to make sure that the ISMS is operating properly and meets the ISO 27001 standard.
- Conduct a management review of the ISMS to make sure it’s meeting the organisation’s goals and objectives.
- An external certification body will perform an audit to determine whether the ISMS meets the ISO 27001 standard. If it does, your ISO 27001 certificate is granted. Voilà!
Have we lost you? It’s dull, we know. Of course, by downloading and following this Toolkit, or bringing in the ISO 27001 Ninja, you can duck out of the hard work, because we’ve already done it for you. You’re most welcome.
How much does ISO 27001 certification cost in Australia?
The cost of getting ISO 27001 certified completely depends on how you want to play it.
You’ll need to cover two sets of costs in the certification process:
1. The cost to implement and run the ISO 27001 ISMS
2. The cost to take the certification audit
What you end up paying depends on these factors:
- The size of your business
- The perceived risk your business carries
- The UKAS accredited certification body you decide to go with
Do you want to do it yourself? Employ someone full-time? Hire a contractor? Or instruct a consultant?
ISO 27001 Australia Implementation Options – A Comparison of Costs
Considering the approaches of doing it yourself, getting a contractor or employing High Table, let us compare typical expected costs side by side.
| Option | Cost | Duration | Policies | Track record |
|---|---|---|---|---|
| Consultant | Circa A$9,000 to A$30,000 | 5 to 15 days | Comes with all policies | Track record of delivery and certification |
| Employee | Min A$75,000 per year | 6 to 12 months | Needs to write all policies | |
| Contractor | A$75,000 to A$290,000 | 3 to 12 months | Will write all policies | |
We can be frank here, can’t we?
If you have time on your side, the cheapest and easiest way for a small business like yours to get ISO 27001 certification is by choosing the High Table ISO 27001 Toolkit route.
But, if you’re time-poor and need someone to take it completely off your hands, or coach you through the process – MAKE SURE YOU DO YOUR RESEARCH! Consultants don’t have to cost the earth. (If they do, you’re not choosing wisely!)
How long does it take to get ISO 27001 certified?
How long’s a piece of string? The ISO 27001 certification process is different for every business and takes as long as it takes. As a rough guide, you’re looking at around 3 months: 30 days to implement the information security management system and ISO 27001 itself, plus a further 60 days to implement and evidence the required controls.
Here are some stumbling blocks that can impact the process:
- Your ability to book a certification audit, which depends on the certification body’s availability
- Your ability to implement and evidence the required ISO 27001 controls
Does ISO 27001 expire?
Unfortunately, nothing lasts forever. Sorry to burst your ISO 27001 bubble! Once you’ve been ISO 27001 certified, your certification will last three years. But next time around you’ll know exactly what you’re doing – happy days.
Certified ISO 27001 Maestro
And that’s it: everything you could possibly need to know about ISO 27001 certification. I hereby certify you ISO 27001 Maestro. I’m joking. You’re not quite there yet, but High Table can help you make it happen – quickly and easily. If you want to know more about the ISO toolkit that will change the game for your business, or want to be coached through the process (without getting ripped off) let’s talk, book your call here.