[BNM] ISO 27001 Compliance

Paul Howard paul at phoward.com
Thu Feb 6 13:32:34 GMT 2020

Hi Arthur

One of my clients is ISO 27001 certified (has been for about 8 years now).
The risk assessments and auditing can be quite onerous and a lot of the
work never gets seen by anyone, even the person that comes in to audit you.

I last went through the audit with them in December and out of about 40
areas they could have looked at they chose 4 or 5 areas and wanted evidence
of how/why things were done and proof that we had looked into our own
practices and tried to identify improvements we, ourselves could make.

Out of a company of about 15 people, there are 6 people on the ISO team who
have decent levels of input.  I would say I put in about an hour or two a
week on average over the course of a year to keep my part of the
documentation u p to date and on track for the next years audit.

When we get audited at the end of each year it's normally a mad week and a
half of double and triple-checking everything so as not to hand over
essentially evidence of gaps in our methodology.

And every three years you need to do full recertification rather than just
a big audit, so it's like getting it from scratch all over again - albeit
with a lot of prior knowledge of how things are done.

My client used https://www.teamworkims.co.uk/ to do a run-through with them
and see if they were missing anything before the first certification but
you should only need help with the first one. After that, you should have
the knowledge you need to know what you are missing or lacking in detail

Happy to answer any questions you may have going forward.

Paul Howard
m: 07903 505153

On Thu, Feb 6, 2020 at 1:10 PM Arthur Guy <arthur at arthurguy.co.uk> wrote:

> Hi all,
> Has anyone here been through the process of getting ISO27001 certification?
> I have started to look into it and I am keen to get a feel for the risk
> assessment and audit requirements and perhaps start preparing things before
> we engage a company and fully start down the journey.
> Has anyone done this and perhaps could point me towards any
> useful resources?
> Thanks,
> Arthur
> --
> BNM Subscribe/Unsubscribe:
> http://lists.brightonnewmedia.org/options/bnmlist
> BNM members often work together in the real world at:
> http://www.theskiff.org
> Join the BNM community on Slack
> https://bnmslackin.herokuapp.com/
> BNM powered by Wessex IT:
> http://www.wessexit.com

More information about the BNMlist mailing list