ISOs are a significant boost for any business, large or small, regardless of industry. But they are not a tick-box exercise. With ISOs, you must remain compliant, always reviewing and monitoring, both to push your business forward in a certain field and to keep pace with key developments. But how do you remain compliant with ISO post-accreditation?
Every ISO is different, with a different set of requirements and standards. ISO 27001 for Information Security is no easy task. Once the certification is complete, it’s easy to assume you can sit back and relax. Not so! Maintaining compliance is key to this standard, as it is to ISO 9001 Quality Management Systems and ISO 22301 Business Continuity Management Systems.
1 From planning to ‘doing’
With ISO 27001, as with other ISOs, there is a planning phase in which you develop procedures for dealing with key aspects. With standards met, you now need to move from the planning phase to implementing these procedures.
The likelihood is that many of these processes were performed pre-ISO as a matter of course, but there may be new ones that must be adopted over time, hence the reason why awareness training for employees is essential.
There will be a need for training pre-ISO just as there is after standards have been met. With ISO in place, you have a framework that identifies training needs, as well as how training could be delivered and to what end. Measuring training effectiveness is also key to ISO compliance.
3 Control of outsourcing suppliers and partners
ISO compliance ushers in many changes, one of which is to look at outsourcing partners and suppliers and the services that they offer, and not just at the price they offer them at. Compliance spans all aspects of your business, so if your suppliers aren’t meeting basic information security criteria, for example, are you, as part of the information security ISO standard?
4 Monitoring and measuring
There is clearly a case for remaining compliant through monitoring and measuring activities that give you a detailed picture of your organisation’s current stance in relation to certain issues, procedures and so on.
This can be hard to do from a time-dependency point of view. Our mentoring and maintenance packages are ideal for such occasions. With an agreed timetable in place, we can monitor and measure compliance, suggesting changes and updates that you can then implement to retain compliance with ISO standards, ISO 27001 included.
5 Audit (but without the stress)
In some ways, our mentoring package is an external audit process that works in favour of your organisation. We look at all the elements external auditors will look for, but we don’t bring the added stress of being ‘formally’ assessed.
When it comes to an external auditing process, you will be much better prepared, and also confident that you can and do maintain the high standards of compliance that come with ISOs for your business.
How can we help you?
If you’re in need of assistance with ISO 27001 or any other aspect of ISO certification, here at Synergos we’d be delighted to help. Whether you have questions about the path to certification or are looking for advice and support to maintain an existing standard, call 01484 666160 or email firstname.lastname@example.org and we’ll be happy to talk it over with you.