ISO / IEC 27001 Overview

ISO / IEC 27001 defines the requirements for establishing an effective information security management system.

It provides a detailed framework of controls to be considered for applicability as part of the management system. The controls are split between organisational, people, physical and technological functions, and control types are categorised as preventive, detective or corrective. Together, this helps you to identify the areas of your organisation that hold the biggest information security risks.

Benefits of achieving ISO / IEC 27001 Certification

  • Reduce risks

  • Improved reputation

  • Reduction in data breaches

  • Maintain compliance to legal requirements

  • Increase customer confidence

  • Increased internal information security awareness

Why ISO / IEC 27001?

In this digital age, the value in most organisations is in the data and information that they process, and it has never been more critical to the integrity of, and inherent confidence in, your business that you manage this information with the utmost care.


ISO / IEC 27001 Certification Costs

Annual Turnover            Cert Cost (£)    Annual Cost (£)
Up to £100,000             1,995.00         850.00
£100,000 - £250,000        2,495.00         950.00
£250,000 - £500,000        2,995.00         1,050.00
£500,000 - £1 Million      3,495.00         1,150.00
£1 - £1.5 Million          3,995.00         1,250.00
£1.5 - £2 Million          4,495.00         1,350.00
£2 - £3 Million            4,995.00         1,450.00
£3 - £5 Million            5,495.00         1,550.00
Over £5 Million            Subject to separate quotation

Please note: All of the above fees are per certification, based on one location and exclusive of VAT which is chargeable at the prevailing rate. Travel and accommodation are only charged on the UK mainland under exceptional circumstances. Companies from outside mainland UK and multiple sites are quoted separately & may be subject to travel & accommodation costs.

Your ISO / IEC 27001 Certification in 6 Simple Stages

1. Client Agreement

  • Agree the service you require with respect to ISO / IEC 27001 Certification and sign a client agreement
  • Pay 25% of the certification fee as a deposit
  • Book your assessment date and we will email confirmation.
  • CQS will then issue you with a Pre-Assessment Pack of Information Security Management System documents for you to complete prior to booking your assessment.
2. Complete Pre-Assessment Documentation

  • Complete the Pre-Assessment Documentation and email to the office for review
  • Your appointed Assessor will review the Pre-Assessment Documentation and your assessment date will be confirmed.
3. Assessment

  • Audit of your current procedures and working practices
  • Issue of assessment report detailing the findings and areas to be addressed to achieve certification to ISO / IEC 27001
  • Assistance with the issue of template documentation required to meet the requirements of the Standard
4. Completion of Outstanding Actions

  • Your ISO / IEC 27001 Assessment Report will detail actions required in order for you to meet the requirements of the Standard
  • You must implement these actions in the timeframe between your Assessment and your Certification Audit
5. Certification Audit

  • Further Audit of your Information Security Management System procedures and working practices to confirm that you have rectified the areas highlighted in your Assessment
  • Discussion to confirm your understanding of the commitment required to maintain your certification
  • Certificate and logo presentation upon successful completion of your Audit.
6. Annual Audit

  • Surveillance Audits of your Information Security Management System to confirm that you still meet the requirements of the ISO / IEC 27001 Standard
  • CQS will issue a new certificate every 3 years upon successful completion of your ISO / IEC 27001 audits.

ISO/IEC 27001 Implementation Training Courses

CQS (Certified Quality Systems) Limited can provide you with ISO / IEC 27001 Implementation Training which can be carried out on your premises or remotely for as many delegates as required.

A training pack on the ISO / IEC 27001 standard will be supplied to each delegate on the course and all attendees will receive a certificate on completion.

The course will cover the benefits of an information security management system, the themes and attributes of the information security controls, risk-based thinking, the Statement of Applicability, the ISO / IEC 27001 Clauses and the concepts of planning, performing, documenting, communication, evaluation and follow-up activities that need to take place during the Internal Audit of your Information Security Management System. The training provided is a mixture of direct discussion, interactive exercises and workshops, which together help to encourage the participation of the attendees.

Internal Audit is a key component in monitoring and measuring the performance of your ISO / IEC 27001 Information Security Management System processes and an effective tool for enabling continual improvement, so it is important that the Internal Auditor or Internal Audit Team has the knowledge required to implement this management tool effectively.

Internal Audit is also a useful business tool to help develop the skills of your staff to interrogate other business areas that may not be related to management systems. This course will help to develop the analytical skills of staff members, which can be utilised in other areas of your business.

Course Costs
Delegates    Cost (£)
Up to 8      600.00
9 - 12       750.00
13 - 15      900.00
15+          Quotation needed

ISO / IEC 27001 Certificate Transfer

If you already have ISO / IEC 27001 Certification and would like to transfer your certification to CQS we can carry out this process as follows:-

1. Assessment

  • Desktop review of your Information Security Management system documentation
  • Site based Audit of your Information Security Management procedures and working practices
  • Issue of an ISO / IEC 27001 assessment report detailing the findings and areas to be addressed to achieve certification
2. ISO / IEC 27001 Certification Audit

  • Further Audit of your Information Security Management procedures and working practices to confirm that you have rectified the areas highlighted in your Stage 1 ISO / IEC 27001 Assessment
  • Discussion to confirm your understanding of the commitment required to maintain your ISO / IEC 27001 certification
  • Certificate and logo will be issued upon successful completion of your Audit and payment of 75% balance of the certificate fee.
3. Annual Audit

  • Surveillance Audits of your information security management system to confirm that you still meet the requirements of the ISO / IEC 27001 Standard
  • Issue new certificate every 3 years upon successful completion of your ISO / IEC 27001 annual audits.