
ISO/IEC 27001:2013

Certification for Information Security Management

For any organisation - regardless of size or sector - ISO/IEC 27001 provides a strong foundation for a comprehensive information and cyber security strategy. The standard outlines a best practice ISMS framework to mitigate risks and safeguard business-critical data through identification, analysis and actionable controls. Accredited ISO 27001 certification demonstrates that you have the processes and controls in place to defend your organisation's information - and that of your customers - against an increasingly complex threat landscape. Check out the Frequently Asked Questions about the standard and our offerings.

Our ISO/IEC 27001 services

Our certification and training services can be delivered on-site or remotely - giving you flexibility and a service model to suit your needs.

Build your knowledge of ISO 27001 with a range of courses designed for different experience levels - delivered via multiple learning styles.

An optional service where one of our expert auditors will help you identify any critical, high-risk, or weak areas of your system prior to your formal ISO 27001 audit.

An independent two-stage process that provides a clear statement of your capabilities - helping you win new business and build trust with stakeholders.

If you've implemented multiple management systems, you could benefit from an integrated audit and surveillance programme which is more efficient and cost-effective.


A 360° approach to information and cyber security

Frequently Asked Questions

ISO 27001 is the international management system standard that defines the requirements for an Information Security Management System (ISMS). The standard provides a best practice framework to identify, analyse and implement controls to manage and mitigate risks - reducing the likelihood of an information security breach.
Any organisation - irrespective of size and sector - can utilise the requirements and controls within ISO 27001 to implement an effective ISMS which can be independently certified.
Accredited ISO 27001 certification provided by a reputable and independent certification body demonstrates a commitment to information security, providing an unbiased view regarding the robustness and effectiveness of your ISMS. This helps to fulfil contractual obligations, and in many cases acts as a licence to trade.

Protect your data and reputation
ISO 27001 certification demonstrates you've established a systematic, risk-based approach to information security that drives best practices around:
Identifying information and cyber security risks.
Analysing risks based on impact and likelihood.
Evaluating risks and prioritising when they're addressed based on factors relating to your business.
Selecting risk treatment options.

Demonstrate compliance with laws, regulations and contractual requirements
Gaining certification to ISO 27001 requires you to identify applicable legislation. This has a positive impact on risk management and corporate governance, helping you demonstrate compliance and fulfil contractual requirements.

Competitive edge
Certification from SQNet gives clients and stakeholders confidence that security risks - which could relate to IT, people, the physical environment and business continuity - have been adequately addressed in order to protect their information.

ISO 27001 certification provides a clear statement of your capability and demonstrates that you operate in line with internationally recognised best practices - helping you win new business.

ISO 27001 audits follow the same approach as other Annex SL based management systems. You can start with training and gap analysis, but the formal process involves an audit of the design of the ISMS (Stage 1) and an audit of its operation (Stage 2). The outputs of these audits are technically reviewed by a qualified, independent person in SQNet to ensure consistency and alignment with our commitment to the best practices defined by accreditors.

Once approved your ISO 27001 certificate is issued and you begin a three-year cycle of surveillance audits leading up to a renewal audit to re-establish the next three years. Surveillance enables both SQNet and your organisation to manage changes and ensure that audits are relevant to current industry needs.

The path that your organisation takes to achieve ISO 27001 certification often depends on your business's level of maturity in relation to information security and broader risk management, amongst other factors. But the typical process to get ISO 27001 certified includes 3 main steps.
Stage 1 Audit - document review and planning: Your auditor will review the design and documentation of your management system - in most cases, this is carried out remotely.
Stage 2 Audit - evaluating your implementation: Your auditor will evaluate the implementation and effectiveness of your ISMS in line with the requirements of ISO 27001. If there are no non-conformities, you'll receive your certification. This stage can be carried out remotely or on-site.
Promote your ISO 27001 certification: Your certification demonstrates a commitment to internationally recognised best practices and continual improvement - helping you win new business and meet customer demands.

The cost is based on the number of audit days, which relates to the number of employees within the scope of the ISMS. The number of audit days is published in the accreditation standard, ISO 27006, and is available for all to see. Engaging an accredited certification body like SQNet ensures you get a proposed audit duration based on industry best practices that is comparable to all other accredited certification bodies.

As an example, an organisation of 100 Full-Time Equivalents (FTEs) should expect an initial audit duration (Stage 1 + Stage 2) of between 8 and 12 days, depending on the sector it operates in, how complex its working environment is, whether it is involved in developing software, or whether it needs to build security into the product. The subsequent surveillance programme would be 3-4 days/year and the renewal 6-8 days.

Yes - as both ISO 9001 and ISO 27001 are based on the generic best practice model for management systems - Annex SL - the core management processes can be optimised to meet the requirements for both standards. In fact, designing a system to address both improves the effectiveness of organisational governance. For example, business objectives such as growth often require the development of new products where security is typically considered a quality standard in line with market expectations. Integration can also minimise duplication which can lead to a reduction in audit time, providing a cost-effective option.
