What we do for you
- Preparation for ISO 27001 or TISAX® audits
- Experts from the fields of IT, law & business
- Personal contact persons & individual support
- Minimization of compliance risks
- Your documents available online at any time
For many businesses, getting ISO 27001 certified is demanded by customers, stakeholders, and even regulators.
But how do you know when your business is ready? Take our assessment below to get an indication of whether or not you are ready to approach certification.
How ready are you for ISO 27001 certification? Use this assessment to get an estimate! Simply answer this short series of questions, giving honest answers about your current activities. This will give you an indication of whether or not your business is ready for certification.
Legal notice: Your answers and your final result in this assessment will not be stored by our system, nor passed on to our team if you fill out a contact form. They are completely private to you. This assessment is designed only to give an estimate of your readiness for ISO 27001 certification.
Is there awareness of exposure to risks? Is there awareness that IT security and information security overlap, but are not simply the same thing?
Examples include information stored in cloud services (Office, G-Suite), or inside tools like Salesforce, Pipedrive, Workday, Cognos and Slack. It also includes prototyping tools like Figma and Miro, or any other cloud-based tool or platform that your team uses. It should also include information on servers, information that resides with subcontractors/suppliers, information received from customers, etc.
This includes natural/physical risks, technical risks, legal risks, contractual risks, compliance risks, and financial risks.
This could be a tangible financial risk. For example, if confidentiality is breached, if information stops being available (server crash, cloud service unavailable), or if information cannot be trusted (somebody might have forged it). In such cases, what’s the potential damage to your business?
For example, are you aware of measures to protect data while it is held in a cloud system? Of insurance options? Of how to continue running the business if services become unavailable?
Can you confidently say that your team members know what to do if information is breached, lost, or stops being available?
Examples: Can anybody walk into the office without being challenged? Is it accepted practice that the smokers among your team leave the door permanently open? For those working from home, is your hardware protected from visitors and children?
Do you manage access to computers, services, and physical facilities? Do you know how suppliers and/or vendors handle your data?
Have you ever visited a key supplier? Do you have contracts or agreements in place with them?
When Yahoo! reported its large password breach in September 2016, the incident had in fact occurred in late 2014 and affected over 500 million Yahoo! user accounts. Would you be faster?
The basics include firewalls and anti-virus tools. If you run a web platform, have you run a penetration test? Have you done so recently? How do you make your developers aware of security advisories affecting the open-source libraries they use?
Data protection laws are a clear example, but you should also consider other applicable laws: for example, intellectual property rights or the licenses that you use, security-related laws that apply in one country but differ in another, and many more.
It seems your business still has a lot of work to do if you want to certify. Remember, external auditors will fail you instantly if your business is unprepared.
It looks like your business is on the right track, but you still have a lot of work to do if you want to certify.
Well done! You're almost at the finish line. It looks like your business could soon be ready for ISO 27001 certification.
If you want more information about ISO 27001 certification, download our free ISO 27001 implementation roadmap. This is a six step guide to help you prepare for certification, guiding you through the process and outlining the deliverables at each step.
Alternatively, if you want to speak with a member of our team, get in touch via the form on the right.
Browse our InfoSec articles and resources
Information security is one of the core topics of due diligence audits. We explain what it means and what businesses should take note of throughout its implementation.
In this whitepaper you will learn how a due diligence process works and what is audited in the process.
If you have specific questions around information security in your company or if you’re facing challenges with preparing for ISO 27001 certification, contact us – we’d love to help you! Drop in your business email on the right and a member of our team will get back to you.
Are you looking for an external data protection or information security officer? With over 100 experts and a platform we developed ourselves, we support you at eye level to achieve your goals!