ISO 27001 – Information Security Management Systems

ISO 27001 is the international standard which is recognised globally for managing risks to the security of the information your organisation holds.

ISO 27001 certification allows you to demonstrate and prove to your clients (and other stakeholders) that you are managing the security of your information. It can also help you comply with the requirements of Article 32 of the GDPR (Security of Processing – Technical and Organisational Measures).

ISO 27001 (ISO 27001:2013 is the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.

The ISO 27001 standard and ISMS provides a framework for information security management best practice that helps organisations to:

Why should you get ISO Certified?

ISO 27001 Certification is suitable for any organisation, regardless of size, in any sector. The standard is applicable to organisations which manage high volumes of data, or information on behalf of other organisations such as data centres and IT outsourcing companies. In addition, the standard is especially relevant where the protection of information is critical, such as in the health, public, banking, financial and IT sectors.

At XpertDPO, we believe that the information that you hold is your prime asset. Without this information (or access to it) you cannot operate your business. Therefore, protecting your organisation’s information is critical for the successful management and smooth operation of your organisation.

Achieving ISO 27001 certification will aid your organisation in managing and protecting your valuable data and information assets. By achieving certification to ISO 27001 your organisation will be able to reap numerous and consistent benefits including:

Ensuring that confidential information remains secure
Provides your clients and stakeholders with confidence in how you manage risk
Allows for secure exchange of information
Helps you to comply with other regulations (e.g. SOX)
Provide you with a competitive advantage
Enhance client satisfaction that will improve client retention
Will aid the consistent delivery of your services and / or products
Manages and minimises your organisation’s risk exposure
Develops and fosters a culture of security within your organisation
Protects the organisation, assets, shareholders and directors

How does it work?

The ISO 27001 Certification is a two stage process and takes on average between 3 to 6 months. XpertDPO will deliver a bespoke information security management system tailored to the exact needs of your organisation with our proven ISO 27001 Policy and Best Practice documents.

There are two stages to the certification process.

Stage 1

is primarily an audit of your documentation. The ISO 27001 Stage 1 audit checks that your organisation has the required policies, processes and documents in place. It focuses on the information security management. It may seek some initial evidence that the information security management system is implemented.

Stage 2

is primarily an evidence audit. The ISO 27001 Stage 2 audit confirms that you actually do what you say you do. The Stage 2 audit will look for evidence of meetings, risk management, continual improvement and the effective implementation working of processes. It is mainly focussed on ISO 27002 which is often referred to as Annex A.

Does being ISO 27001 certified mean that we are GDPR compliant?

Not entirely……

Our general advice to organisations that have been told “ISO 27001 will make you GDPR compliant” is to proceed with caution. There are elements of ISO 27001 that feed into your GDPR compliance program and vice versa however, in our opinion, being ISO certified is no guarantee that the organisation is fully compliant with the GDPR.

To that end, there is a new GDPR Compliance standard. ISO 27701:2019 is a privacy extension to ISO 27001. Organisations who are already certified to ISO 27001 will now be able to also certify to ISO 27701. The idea behind this new extension is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).

Why choose XpertDPO?

XpertDPO will be with you every step of the way. We help clients implement ISO 27001 and ISO 27701 efficiently and effectively. Whether you are looking to achieve full ISO 27001 / 27701 certification or just want to align with ISO 27001. We have expert consultants ready to guide your organistation towards certification.

Ready to start your
Data Protection journey with us?

Our Experience

XpertDPO is a data security, governance, risk and compliance, GDPR and ISO consultancy that offers practical, tailor-made solutions.

We are one of the leading providers of Outsourced Data Protection Officer services in Ireland and the UK. We also specialise in offering Nominated European Representative Services to non EU based organisations.

Certified Data Protection Officer
Certified Information Security Manager (ISACA)
Certified Information Systems Auditor (ISACA)
Certified in Risk and Information Systems Control (ISACA)
Certified Cloud Security Professional (ISC2)
Certificate of Cloud Security Knowledge
Cyber Essentials

"XpertDPO has worked closely with FIT on matters relating to our responsibilities as Data Processors and, more broadly, on our practical processes for managing client data with due regard for the GDPR regulation. In this respect, XpertDPO’s team has been proactive in sharing knowledge and best practices, which have developed considerably FIT’s internal competence and the necessary ongoing development of staff.”

"XpertDPO have been our European Representative following Brexit in 2020. The onboarding process was simple and the advice provided assists in meeting obligations under EU GDPR."

"By having XpertDPO act as our European Representative for Frontline Accounting, we are confident we are meeting the legal requirements of the GDPR. XpertDPO’s team are always on hand to answer any queries we may have and to help us respond to any Data Subject Access Requests from any client across the UK and the EU."

"XpertDPO are our first and only port of call when we need data protection expertise. We have worked closely with XpertDPO since 2018 and their support has been invaluable. They consistently provide us with the skills, knowledge and technical expertise to deliver excellence to our clients"

"The advice, support, and relationship we have received from XpertDPO has been invaluable. They are exactly the resource we needed to help us scale our Security & Privacy program. Their expert knowledge on GDPR has enabled us to become more knowledgeable in a critically evolving space. With XpertDPO, you receive more than just a data protection service, but the opportunity to learn, feel supported, and bridge the gaps in your compliance journey. Confidently working with global clients has been almost effortless thanks to their expertise and the service they provide us. We could not be happier with our experience thus far and look forward to continuing working closely together.”

"I can highly recommend the services of Stuart and Aimee from the XpertDPO team. Stuart’s wealth of knowledge on all things data protection is second to none and both Stuart and Aimee have always been highly professional and efficient, as well as being friendly, helpful and supportive. All work has been carried out in a timely manner and both Stuart and Aimee have always taken the time to explain our GDPR obligations to us and to help us work through all of the paperwork and processes we need in place. We are delighted to have the services of XpertDPO as the Informed Minds App Data Protection Officer and we feel very safe and secure in the knowledge that we are meeting all of our GDPR obligations with the help of their team."

“I first met Stuart and XpertDPO in 2018, and quickly realised that the level of expertise and depth of knowledge that he possessed was second to none, and I am delighted to say that XpertDPO and TalentPool has worked on many mutually profitable professional projects. The two companies developed Ireland’s first QQI certified Data protection course, which we have successfully delivered with the XpertDPO team into numerous organisations. Stuart and his team have also advised us on many issues around our Data Protection and the incisive advice and guidance he has given us is second to none.”

“XpertDPO as per their name are truly the experts in GDPR regulations. Stuart is very knowledgeable & very thorough with his understanding of the subject. From my very initial association with them to my continued engagement, XpertDPO have always come across as very approachable. The support that Stuart gives our organisation is very valuable and practicable, especially in today’s post Brexit world. More importantly, I find that Stuart is always at the end of a call to help me out and address any urgent GDPR related queries. I highly recommend XpertDPO and Stuart to anyone who is seeking a very through but practical advice and solution if they are navigating the maze of GDPR regulations!” Stuart and his team have also advised us on many issues around our Data Protection and the incisive advice and guidance he has given us is second to none.”

A Selection of Our Happy Clients

XpertDPO is a Data Protection and Compliance consultancy firm in Ireland UK, that offers practical, tailor-made solutions.

Stage 1

Stage 2

Dublin

London

Bahrain