The ISO 27001 standard relates to information security management systems within an organisation or company. Open to all businesses across all industries and sectors, large and small, it is an ISO standard that speaks volumes.
But with the pressure on businesses to keep information secure and to process data responsibly, the spotlight is firmly back on ISO 27001.
Is ISO 27001 accreditation enough to meet GDPR?
No, on its own, ISO 27001 is not enough to secure compliance with GDPR. GDPR covers the processing of data as well as its security; the standard also covers security, but relates mostly to the management of data.
However, thumb through the sizeable GDPR document and you will find that it mentions ISO 27001 as an accreditation worth pursuing, as it meets many, if not all, of the compliance requirements relating to the management of data.
Will gaining ISO 27001 for my business be a large undertaking?
At Synergos, we start the whole accreditation/assessment process with a step called ‘gap analysis’. Effectively, what we do is look at your processes and policies relating to data and information security as they are now and measure them against the set of standards within the ISO.
This gives a clear picture of what needs doing, from larger updates and changes to small tweaks. From this, we can give you not only a firm idea of what needs to be done but the amount of time needed too.
Can ISO 27001 and GDPR be done at the same time?
In effect, yes, but with GDPR literally weeks away, you may decide it is better to comply with this set of binding regulations first, especially as by not doing so you could be fined around 4% of your global income (for serious breaches).
By complying with GDPR, you will meet many of the standards of ISO 27001 and so at this late stage, it could be a two-step approach. But every business is different, which is why we work on a bespoke basis tailored to your business needs.
Will ISO 27001 affect staff?
It can do, especially if there are changes made to policies, as well as the physical processes of storing, retrieving and archiving data. As part of the ISO 27001 implementation process, we complete staff awareness training. Without it, your information and security management systems could be failing at the first hurdle.
Will there be an auditor visiting the business?
As part of the process, it may be that your business receives an audit visit specifically looking at the processes and policies governing the management and security of information.
As well as examining the policies and seeing processes in practice, the auditor may also interview people or ask a few questions here and there. This is why staff awareness training, especially for people working directly with information and data, is essential.
There is no set script for the questions the auditor will ask, as every business is different. But you need to be confident you and your staff can answer them.
And with Synergos behind you, you know you can!
How can we help you?
If you’re in need of assistance with any aspect of ISO or GDPR compliance, here at Synergos we’d be delighted to help. Whether you have questions about the path to compliance or are looking for advice and support to maintain compliance, call 01484 817 444 or email firstname.lastname@example.org and we’ll be happy to talk it over with you.