Linoor is a premium Template for Digital Agencies, Start Ups, Small Business and a wide range of other agencies.
+91 7676666555

  • 1.What is ISO 27001?
    ISO 27001 is an international standard issued by the International Standardization Organization (ISO), which defines information security management systems. Its full title is ISO 27001. This standard was developed from British standard BS 7799-2; it was first published as ISO 27001 and has now become a leading international standard for information security.
  • 2.What is achieved by implementing ISO 27001?
    Implementation of ISO 27001 reduces risks related to confidentiality, availability, and integrity of information in an organization. It also helps the organization to achieve conformity with legislation regulating the protection of confidential information, protection of information systems, personal data protection, etc., which are already in place in most countries. Finally, implementation of the standard should reduce business costs due to fewer incidents, and improve marketing because of the publicity that can be gained with the standard.
  • 3.What is the difference between ISO 27001 and ISO 27002?
    The international standard ISO 27002 defines guidelines for the implementation of controls listed in ISO 27001. ISO 27001 specifies 114 controls that can be used to reduce security risks, and ISO 27002 provides details on how to implement these controls. Organizations can become certified against ISO 27001, but not against ISO 27002.
  • 4.Why is ISO 22301 often mentioned with ISO 27001?
    ISO 27001 is a specification for an information security management system (ISMS) and includes information concerning business continuity management as it pertains to the continuity of the ISMS. ISO 22301 provides a broader specification for a full-blown Business Continuity Management System (BCMS) that addresses the continuity beyond the ISMS .
  • 5.We have implemented ISO 9001; can some of it be used for ISO 27001?
    Absolutely! Some parts of ISO 27001 and ISO 9001 are virtually the same – e.g., documentation management, internal audits, management review, and corrective actions. If the said procedures are already used for ISO 9001, they can also be used for ISO 27001/ISO 22301 with only minor changes. In other words, organizations that have already implemented ISO 9001 will have an easier job implementing ISO 27001.
  • 6.How long does it take to implement ISO 27001?
  • 7.Does ISO 27001 have to be implemented throughout the entire organization?
    No. It is possible to set the scope of implementation for only one part of the organization, which makes sense in the case of larger organizations operating at several different locations and/or in different countries. For small organizations that do business at a smaller number of locations, it is better to implement the standard for the whole organization.
  • 8.How much does it cost to implement ISO 27001?
    It is almost impossible to calculate the cost before completing the risk assessment. The majority of expenses are not usually related to hardware or software, but to developing procedures and getting them up and running, raising of employee awareness and training of employees, certification, etc. The costs also depend on the size of the company, but not all security controls have to be implemented immediately, and that implementation of some of them may be postponed.
  • 9.How much does it cost to maintain an ISO-27001 Certification?
    You are required to have a registrar audit your ISMS each year. In each of the first 2 years after your certification, you will require a “surveillance” audit. In the 3rd year, you will require another “certification” audit. The cost of the surveillance audit is generally 60 to 80% of the certification audit.
  • 10.Is there a legal requirement to comply with or be certified to ISO 27001?
    There is, generally, no direct legal requirement as such. Organisations choose whether or not to implement the requirements of ISO 27001 based upon the benefits that would be gained by doing so. However, you should pay close attention to any contractual obligations you may have for protecting the information of clients and other stakeholders. There is an increasing trend where customers require third party suppliers to implement or certify to ISO 27001, thus making it a legal requirement, by way of a contract.

Still stuck ask directly.

We’re Ready to Bring Bigger
& Stronger Projects