Call us on 03450 21 21 51

ISO 27001 accreditation – what is the difference between consultancy engagement and accreditation engagement?
The SRM Blog

ISO 27001 accreditation – what is the difference between consultancy engagement and accreditation engagement?

Melanie Taylor

Written by Melanie Taylor

17th October 2019

Share this article

achieving ISO 27001

What does the process of ISO27001 accreditation have in common with learning to drive? More than you might think. Both are concerned with safety and whether you meet a required standard. Both involve preparation and examination. And in both instances, these roles are conducted by people with different roles and responsibilities.

When it comes to getting behind the wheel of a car, you first take lessons from a professional instructor who has experience of preparing individuals of all types and abilities for a test. They are responsible for putting you through a programme of learning and improvement until they judge you to be ready. Then you present yourself at the Driving Test Centre and put yourself in the hands of an examiner who is responsible for deciding whether you are up to the mark and safe enough to navigate Britain’s roads.

Being safe on cyber highways is the equivalent aim of the ISO 27001 framework and the process of accreditation follows a similar route. For best results you engage with a consultant who has experience of preparing all types of organisation. They guide you through the process of building the ISO 27001 framework into your network systems. When you are ready, your consultant will put you forward for accreditation engagement in the form of a Stage 1 Assessment by an accredited Certification body. It is then this body’s responsibility to gauge your state of readiness and their decision as to whether you have met the required standard.

So, who should you engage to prepare you for ISO 27001 accreditation? It is usually a false economy to try to manage the process in house, unless you have the very specific skillsets required. A bit like getting your uncle or father to teach you to drive. A highly skilled ISO 27001 specialist consultancy will ensure the exercise is correctly scoped at the outset, ensuring that the whole process can be conducted in a cost-effective way, delivering significant benefits.

If you want to engage a professional who will help you pass first time, it is worth noting that we at SRM are experienced in all aspects of preparing an organisation for ISO 27001 accreditation. We also understand exactly what is required. One reason we are so successful is that we have the added benefit of working closely with the accreditation body BSI. We engage early with them and use them as our preferred accrediting body which ensures that when we put companies forward for audit they are well-placed to meet the required criteria.

The benefits of ISO 27001 accreditation are significant and are discussed in more detail here: Why get ISO 27001 certification? And ISO 27001 – the top 5 challenges to becoming certified.

To find out more about how SRM can help you contact Mark Nordstrom on


Want to learn more? You may be interested in these posts:

The top 3 sectors embracing the ISO 27001 framework as their biggest weapon against a security breach

Phishing attacks and the perks of purple teaming

The evolution of cyber crime


Back to top