ISO 27001 Certification

Why choose Insicon for your ISO 27001 certification?

Proven real-world experience

Insicon assists organisations in achieving ISO 27001 certification through several key services:

  • We provide proven expertise to help companies develop and implement a robust Information Security Management System (ISMS), which is the core requirement of ISO 27001.
  • We offer guidance on developing secure policies, procedures, and processes that align with ISO 27001 standards, helping to reduce the risk of security breaches.
  • Our team includes highly experienced and qualified ISO 27001 Lead Auditors and Lead Implementers who assist clients throughout the certification journey.
  • We conduct comprehensive risk assessments to identify the information security risks specific to each organisation, which is a mandatory step in the ISO 27001 certification process and the basis on which Annex A controls are selected.
  • We tailor our services to meet each organisation's specific cyber needs, ensuring that the implemented ISMS is appropriate for the company's size and structure.
  • We provide ongoing support and guidance to help organisations maintain their certification and continuously improve their information security practices.
  • We can assist in the transition from ISO 27001:2013 to the revised ISO 27001:2022 standard.
  • As we ourselves hold ISO 27001 certification, we bring practical experience and insights to help clients navigate the certification process effectively.
  • By leveraging our expertise, organisations can streamline their path to ISO 27001 certification, demonstrating their commitment to information security and enhancing trust with stakeholders.

What is ISO 27001?


In today's digital landscape, cyber security is a paramount concern for businesses of all sizes. As cyber threats continue to evolve, organisations are seeking robust, verifiable ways to protect their data and operations. One such method is obtaining ISO 27001 certification, which strengthens a company's security posture and may also be taken into account by cyber insurers when pricing premiums.

ISO 27001 (formally ISO/IEC 27001) is the internationally recognised standard for information security management. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), supported by the reference controls listed in Annex A. The standard is designed to help organisations protect their information assets against risk, preserving the confidentiality, integrity and availability of information.


What does ISO 27001 certification mean?

Being ISO 27001 certified is a significant achievement for organisations that prioritise cyber security. Certification means that an accredited certification body has audited the organisation's ISMS and confirmed that it meets the requirements of the standard, and that the certificate is maintained through ongoing surveillance audits.

While there are numerous reasons to pursue ISO 27001 certification, these are the key benefits:

Enhanced Cyber Security Posture

ISO 27001 certification demonstrates that security controls have been selected on the basis of a risk assessment, implemented, and independently audited, rather than simply asserted.

Risk Management

ISO 27001 places a strong emphasis on risk assessment and risk treatment: controls are chosen to address identified risks, and the decisions are recorded in a Statement of Applicability that auditors check against the implemented ISMS.

Legal and Regulatory Compliance

ISO 27001 supports organisations in achieving and maintaining compliance with relevant laws and regulations, such as the Australian Privacy Act 1988, the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Certification is not in itself proof of legal compliance, but the ISMS gives the organisation a structured way to identify those obligations and show how they are met.

Business Reputation and Trust

ISO 27001 certification enhances an organisation’s reputation and instils confidence in customers, partners, and stakeholders.

Incident Response and Business Continuity

ISO 27001 requires organisations to plan and prepare for information security incidents (Annex A controls 5.24 to 5.28 cover incident management, assessment, response, lessons learned and evidence collection) and to maintain information security during disruption, including ICT readiness for business continuity (controls 5.29 and 5.30). A full business continuity management system (BCMS) is the subject of ISO 22301, and an existing BCMS can be aligned with the ISMS.

Third-Party Assurance

ISO 27001 certification provides assurance to third parties, such as clients, suppliers, and business partners, that an organisation has implemented adequate security controls.

What are the recent changes to ISO 27001?

ISO 27001:2013 is now ISO 27001:2022!

In October 2022 the standard was updated with several changes to its structure, most visibly in Annex A. ISO 27001:2022 is the latest version and replaced the previous version, ISO 27001:2013. In the previous version, Annex A was divided into 14 control domains, corresponding to the guidance in ISO 27002:2013.

Annex A of the 2013 edition had 14 control domains (A.5 to A.18) containing 114 controls. Annex A of the 2022 edition has 93 controls, grouped into four themes:

  1. Organisational (37 controls – 5.1-5.37)
  2. People (8 controls – 6.1-6.8)
  3. Physical (14 controls – 7.1-7.14)
  4. Technological (34 controls – 8.1-8.34)

The changes reflect a modernised approach to managing and dealing with information security risks.

What are the 11 new controls in ISO 27001?

The 2022 edition did not introduce 93 brand-new controls: most of the 2013 controls were carried over, renamed or merged into the new structure, and 11 controls are entirely new. The new controls are:

  • 5.7 Threat intelligence: Collect and analyse information about information security threats to produce threat intelligence that informs risk treatment, detection and response.
  • 5.23 Information security for use of cloud services: Establish processes for acquiring, using, managing and exiting cloud services in line with the organisation's information security requirements.
  • 5.30 ICT readiness for business continuity: Plan, implement, maintain and test ICT readiness so that systems can be recovered within the organisation's business continuity objectives after a disruption.
  • 7.4 Physical security monitoring: Continuously monitor premises for unauthorised physical access in order to protect assets and people.
  • 8.9 Configuration management: Establish, document, implement, monitor and review secure configurations (including hardening baselines) for hardware, software, services and networks.
  • 8.10 Information deletion: Delete information held in information systems, devices and storage media when it is no longer required, limiting exposure and meeting retention obligations.
  • 8.11 Data masking: Protect sensitive data, including personal data, through masking, pseudonymisation or anonymisation, for example so that test environments do not hold live production data.
  • 8.12 Data leakage prevention: Apply measures to systems, networks and devices that process, store or transmit sensitive information in order to detect and prevent unauthorised disclosure.
  • 8.16 Monitoring activities: Monitor networks, systems and applications for anomalous behaviour and take appropriate action to evaluate potential security incidents.
  • 8.23 Web filtering: Manage access to external websites to reduce exposure to malicious content.
  • 8.28 Secure coding: Apply secure coding principles throughout software development to reduce the number of vulnerabilities introduced into code.


What is the Timeline for Australian Organisations to Transition to ISO 27001:2022?

The following dates apply to organisations certified under ISO 27001:2013. They follow the international (IAF) transition requirements, which Australian certification bodies also apply:

  • 25th October 2022: ISO/IEC 27001:2022 3rd edition – Release date
  • 31st October 2022: Transition period begins
  • 1st May 2024: From this date all initial (new) certifications should be to ISO 27001:2022, and recertification audits are recommended to use the 2022 edition. Until this date, certification bodies could still accept applications and issue new certificates against ISO 27001:2013.
  • 31st July 2025: All transition audits should be conducted by this date.
  • 31st October 2025: Transition period ends – Certificates for ISO/IEC 27001:2013 will no longer be valid after this date.

Can Insicon assist in our transition to ISO 27001:2022?

Absolutely!

Insicon will work with your team to review and plan your transition from ISO 27001:2013 to ISO 27001:2022. Contact us and we can start the process. The clock is ticking!

Next Steps

If you want to demonstrate to customers and stakeholders that you take the security of their information seriously, certification to ISO 27001 is well worth considering. It establishes a robust security framework, improves risk management, supports legal and regulatory compliance, enhances business reputation and trust, underpins effective incident response and business continuity, and provides third-party assurance. By investing in ISO 27001 certification, organisations can bolster their cyber security posture and demonstrate their commitment to protecting sensitive information in an increasingly interconnected and data-driven world.

For more information on this topic, or to organise a discussion about a fresh ISO 27001 certification within your organisation or a transition from ISO 27001:2013 to ISO 27001:2022, please contact info@insicon.com.au or use our Contact page.