ISO 27001:2013 ISMS

ISO 27001:2013 ISMS (Information Security Management System)

What is ISO 27001?

ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system."

WHY DO YOU NEED ISO 27001?

The rewards of ISO 27001 cannot be overemphasized. Below are some of the gains experienced:


  • Marketing. You can use the certificate to get some new clients (because of, e.g., tenders), or to stay in the business (e.g., all your competitors already have the certificate).

  • Compliance. In rare cases some regulations will require you to implement ISO 27001 or ISO 22301, but you may also sign contracts with clients that oblige you to implement information security or business continuity compliant with these standards. Instead of having to put up with auditors from each of your clients who want to check whether you complied with the contract, you can have the certification auditor do the job, and then show everyone else the certificate.

  • Internal pressure. In some companies, these kinds of projects will never finish unless there is powerful pressure – e.g., a clear deadline. So, if you agree with the certification body on a fixed date for the certification audit, both your management and your employees will have a much stronger sense of urgency for implementation.

  • Objective inputs. If you want your business continuity to be at a really high level, it is good to call in highly experienced people who know how you can benchmark against the best in the industry. Certification auditors will be more than happy to audit someone who is trying really hard and will provide inputs on what you could improve.

  • As companies develop an information security management system to fulfill the requirements of the ISO 27001 standard, they discover a wider range of internal benefits.

