Services

ISO 27001 – Information Security Management Systems

ISO 27001 is the international standard which is recognised globally for managing risks to the security of the information your organisation holds.

ISO 27001 certification allows you to demonstrate and prove to your clients (and other stakeholders) that you are managing the security of your information. It can also help you comply with the requirements of Article 32 of the GDPR (Security of Processing – Technical and Organisational Measures).

ISO 27001 (ISO 27001:2013 was the current edition when this page was written; it has since been superseded by ISO/IEC 27001:2022, which also restructured the Annex A control set) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.

The ISO 27001 standard and an ISMS built on it provide a framework for information security management best practice that helps organisations to:

Why should you get ISO Certified?

ISO 27001 certification is suitable for any organisation, regardless of size, in any sector. It is particularly applicable to organisations which manage high volumes of data, or which hold information on behalf of other organisations, such as data centres and IT outsourcing companies. The standard is also especially relevant where the protection of information is critical, such as in the health, public, banking, financial and IT sectors.

At XpertDPO, we believe that the information that you hold is your prime asset. Without this information (or access to it) you cannot operate your business. Therefore, protecting your organisation’s information is critical for the successful management and smooth operation of your organisation.

Achieving ISO 27001 certification will aid your organisation in managing and protecting your valuable data and information assets. By achieving certification to ISO 27001 your organisation will be able to reap numerous and consistent benefits including:

How does it work?

ISO 27001 certification is a two-stage process and takes on average between 3 and 6 months. XpertDPO will deliver a bespoke information security management system tailored to the exact needs of your organisation, using our proven ISO 27001 policy and best-practice documents.

There are two stages to the certification process.

Stage 1

is primarily an audit of your documentation. The ISO 27001 Stage 1 audit checks that your organisation has the required policies, processes and documents in place, including the defined scope of the ISMS, the risk assessment and the Statement of Applicability. It focuses on the design of the information security management system itself, and may seek some initial evidence that the system has been implemented.

Stage 2

is primarily an evidence audit. The ISO 27001 Stage 2 audit confirms that you actually do what you say you do. The Stage 2 audit will look for evidence of management review meetings, risk management, continual improvement and the effective operation of your processes. It is mainly focused on the controls in Annex A of ISO 27001 (for which ISO 27002 provides the implementation guidance), as selected and justified in your Statement of Applicability.

Does being ISO 27001 certified mean that we are GDPR compliant?

Not entirely.

Our general advice to organisations that have been told "ISO 27001 will make you GDPR compliant" is to proceed with caution. There are elements of ISO 27001 that feed into your GDPR compliance programme, and vice versa; however, in our opinion, being ISO certified is no guarantee that the organisation is fully compliant with the GDPR. ISO 27001 addresses the security of information (which supports Article 32), but it does not by itself cover the other GDPR obligations such as lawful basis, data subject rights, or records of processing.

To that end, there is a newer standard aimed at privacy management. ISO/IEC 27701:2019 is a privacy extension to ISO 27001 and ISO 27002. Organisations that are already certified to ISO 27001 are now able to also certify to ISO 27701 (it cannot be certified on its own, as it extends an existing ISMS). The idea behind this extension is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).

Why choose XpertDPO?

XpertDPO will be with you every step of the way. We help clients implement ISO 27001 and ISO 27701 efficiently and effectively, whether you are looking to achieve full ISO 27001 / 27701 certification or just want to align with ISO 27001. We have expert consultants ready to guide your organisation towards certification.

Our Experience

XpertDPO is a data security, governance, risk and compliance, GDPR and ISO consultancy that offers practical, tailor-made solutions.

We are one of the leading providers of Outsourced Data Protection Officer services in Ireland and the UK. We also specialise in offering Nominated European Representative services to non-EU-based organisations.

XpertDPO is a Data Protection and Compliance consultancy firm in Ireland and the UK that offers practical, tailor-made solutions.