ISO 27001: Should be considered as a baseline standard for all businesses to achieve

Cyber security has become a board level issue over the past decade, with breaches resulting in regulatory fines and customer loss and compromised supplier relationships. While around 1.2 million organisations now boast compliance with the ISO 9001 standard, just 45,000 have achieved accredited certification to the cyber security equivalent: ISO 27001.  The problem is a lack of top level commitment.

“While management teams increasingly recognise that cyber security credentials are becoming a key business enabler, why are they failing to step up and make the commitment essential to achieve ISO 27001 certification,” asked Alan Calder, Founder and Executive Chairman, IT Governance.

Cyber security awareness and understanding is fast becoming a fundamental aspect of business differentiation, competitive position, even longevity. While many management teams retain an arms’ length ‘just fix it’ attitude, there is a fast growing band of organisations that now recognise the business value not only of a strong security posture but an accreditation such as ISO 27001 that enables the business to demonstrate its cyber security commitment to customers and business partners alike.

This shift has been driven in part by the arrival of GDPR. While the legal framework is likely to prompt multiple court room battles as companies seek to prove the quality of the technical provision deployed to reduce the likelihood of breach, the ability to demonstrate compliance to a global security standard such as ISO 27001 will be a huge asset.

For organisations that already have good information security processes in place, achieving certification can be fairly straightforward; it is simply a matter of applying the international standards to existing operations and filling in any gaps. For others, however, it will require a fundamental shift in approach, a willingness to not only build the right framework but also get new processes embedded within the business and improve people’s awareness and understanding of good information security behaviour and that can be time consuming.

However, there are also a large number of organisations claiming to follow the ISO 27001 standard without going through the cost of an external certification process – beware! More often than not, these organisations are just paying lip service. Undertake a robust gap analysis to determine how close the company’s security processes and practices are to the full ISO 27001 standard and the gaps will be significant – from management commitment, to the provision of training and the allocation of adequate resources and the quality of the assessment process. These are fundamental components of the ISO 27001 standard and failure to follow these principles reveals an essential lack of strategic understanding of cyber security and cyber resilience.

To be fair to the raft of CISOs keen to move forward and achieve compliance, the biggest stumbling block remains the board in the vast majority of cases. Clause 5 of ISO 27001 states that top management must be engaged in the information security management process; they must lead by example and provide clear guidance to the organisation on issues such as risk management. That means that security is not just a line on the budget and a chance to pass the buck to the tech team; the board must actively discuss and consider security policy if certification is to be achieved.

The world is changing and the ability to demonstrate a high-level of information security is fast becoming more important to organisations than the quality of the service offering. Avoiding regulatory fines is just one small aspect of the business risk; it is the ability to attract customers and safeguard information throughout a supply chain that will increasingly depend upon robust and, critically, certified security postures.  ISO 27001 is becoming a baseline for information security – but achieving that standard will require top level commitment.

www.itgovernance.co.uk

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Dallmeier - securitybuyer.com

Dallmeier presents the MK4 revision of the DMS 2400

With the new MK4 revision of the DMS 2400, Dallmeier introduces an even more powerful version of its proven video appliance.
security Institute - securitybuyer.com

Security Institute Announces New Directors

The Security Institute held its Annual General Meeting (AGM) on the 8th of July at the Millennium Hotel & Conference Centre…
ASSA ABLOY - securitybuyer.com

BG100 Speedgate Recognised with Red Dot Award

Combining an Aesthetically Appealing Design, Function and Innovation, the BG100 Speedgate Sets New Benchmark for …
Product Spotlight - Videx - securitybuyer.com

Product Spotlight – Era Series

VIDEX presents its new series of outdoor compact video door entry systems, Era Series, and showcases their durability, configuration…
Security Institute - SecurityBuyer.com

The Security Institute Hosts Second Young People’s Skill Building

The Security Institute was honoured to host its second annual Young People’s Skill Building Event on Monday 23rd June, held …
Hanwha Vision - Security Buyer

Hanwha Vision unveils powerful AI remote-head camera

Hanwha Vision, the global vision solution provider, launches the AI remote-head camera, featuring a single-body…
Christina Alexander Judge - SecurityBuyer

Christina Alexander Announced as Security Buyer Awards Judge

Security Buyer is proud to announce Christina Alexander as the latest addition to the distinguished judging panel for the Security…
Milestone - SecurityBuyer

Milestone Systems updates across XProtect, BriefCam, Arcules

Milestone Systems today announced updates across its complete security technology portfolio with releases for XProtect
Big Interview Abdullah Tanoli

Big Interview – Hero of Leicester Square

Rebecca Spayne of Security Buyer has the privilege of speaking with a real-life hero, Abdullah Tanoli, the hero of Leicester Square..
Altronix - SecurityBuyer

Altronix POE367 Delivers 277VAC Support

Altronix has expanded its power product line with the new POE367 power supply/charger designed specifically for 277VAC input environments.
Scroll to Top