The SRM Blog

If your cyber security policy is still a blank sheet of paper, it’s time to think about preparing an ISO 27001 checklist

Written by Claire Greathead

6th July 2020

ISO 27001 checklist

The protection of data is vital for businesses in 2020, and achieving ISO 27001 accreditation represents a seal of approval for any organisation prepared to put in the hard work. To get started, you may want to consider an ISO 27001 checklist.

Understanding the scale of any task or challenge requires planning. Whether it’s completing your weekly shop successfully or overhauling the entire infrastructure of a multi-national organisation, writing out a good old-fashioned to-do list will always have a role to play.

While the humble grocery list and a business transformation strategy may sit at opposite ends of the spectrum, the principles remain the same: itemise what needs to be done and then work through each step until complete.

The problem for modern-day businesses is that, as their digital estate grows, the complexities of managing information security result in a rather sizeable to-do list. While getting a handle on information security may feel like something of a mammoth task, it is unfortunately one that businesses cannot afford to ignore in 2020 – not least because the threats from cyber criminals and malicious hackers have never been greater.

Fortunately, organisations don’t have to start with a blank sheet of paper when it comes to making themselves more robust and resilient to information security threats. The security standard ISO 27001 represents a valuable framework for businesses to build in comprehensive processes and procedures for managing digital assets.

But what exactly is ISO 27001, and what challenges are you likely to face when trying to achieve certification?


What is ISO 27001?

As mentioned above, ISO 27001 is an internationally recognised framework, designed to help businesses manage and protect their information assets. It’s a key part of helping your business and customer data stay safe and secure.

By complying with the standards set out by ISO 27001, your business is able to identify security risks, control them and ultimately decrease them to an acceptable level. This means your organisation is able to retain the confidentiality, integrity and availability of your information within the business, without creating unnecessary risks.

Adhering to the standard also builds resilience by identifying any procedures required to enable fast detection of information security breaches, allowing you to act proactively rather than reactively when it comes to threats.

While not all organisations are required to seek certification, following an ISO 27001 checklist is something every business should consider to ensure good information security management.


ISO 27001 checklist: How to prepare for certification?

There are several steps involved in achieving ISO 27001 accreditation:

  • Get full support from management
  • Be prepared for a long-term project
  • Define the scope of your certification — will it span your whole organisation or just a department?
  • Write an Information Security Policy, detailing basic issues surrounding information security in your business
  • Outline Risk Assessment methodology, defining the rules for identifying assets, vulnerabilities, threats, impacts, likelihood and levels of risk
  • Perform your risk assessment, and then treat any risks you’ve identified – remember, this may be a long-term endeavour
  • Write a risk treatment plan, defining exactly how you intend to put security measures in place, including who is going to do it, when and with what budget
  • Define how the success of these controls will be measured, and how often
  • Implement new security controls and procedures
  • Implement training and awareness programs for team members
  • Complete an internal audit after making ISO 27001 part of your daily business routine, to see if everything is as it should be
  • Complete regular reviews, and put necessary corrective and preventative actions in place

Undertaking compliance with ISO 27001 can be intimidating. It involves a third-party auditor performing an independent assessment of all your business processes, and it can require you to change significant aspects of your business operations in order to comply. But the good news is that you don’t have to do it alone.

Remember, ISO 27001 is not a one-off piece of work: it requires ongoing management to ensure that any changes to the business or to legal frameworks are reviewed, and that documentation and business processes are updated accordingly.


The importance of seeking advice

Getting the advice and guidance of a qualified information security expert can take the pressure off your shoulders and give you peace of mind that the steps you’re taking to ensure data protection are the best ones for your individual business and circumstances.

If you would like help achieving ISO 27001 accreditation for your business, contact the ISO 27001 consultants at SRM Solutions today by calling 03450 21 21 51, and find out how we can support you.