Understanding ISO-27001 Requirements

What is ISO-27001?

ISO-27001 is a globally recognized security framework. It aims to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System” (ISMS). ISO-27001 is not industry specific – any type of company can undergo ISO-27001 certification, whether large, small, for-profit, not-for-profit, etc. Ultimately, it is a way of making sure that an organization is managing information security risks effectively.

Why do Companies get Certified?

A company may choose to get certified for many different reasons. These include:

  • Meeting contractual or regulatory requirements
  • Customer request or preference
  • As a development or extension of a risk management program
  • To determine clear information security goals
  • To gain an edge in a competitive market

How much does it cost to become ISO-27001 Certified?

There are three main costs to becoming certified: internal costs, costs for preparation, and certification costs. Costs can vary significantly based on the ISMS scope, ISMS gap assessment, resource capabilities, the project timeframe and size of the organization. Ostendio works with preferred assessors who offer discounts to MyVCM customers.

How long does it take?

Typically, a MyVCM customer will take between 3 and 6 months to achieve certification, but this can vary depending on the size of the organization and the scope of the project.

How do I know which Certification to pursue? ISO-27001? SOC 2? HITRUST?

Between different industry regulations and varying resource commitments, it can be difficult to decide which path is best for your business. So, how do you know which one to choose?

The Ostendio Professional Services team has helped clients through numerous different types of audits and certifications. Please contact us today for a complimentary discussion to determine which certification is best for your organization.

For more information about which certification option is right for you, or to learn more about Ostendio’s MyVCM platform, please email us or call 877 668 5658.
