ISO 27001 certification
Introduction
ISO 27001 certification, project management, and support for implementing an information security management system
ISO 27001 is part of a series of standards (the ISO 27000 family) that cover the protection of various types of information assets. The series consists of around fifty standards, covering everything from network security to incident management, risk management, and software security. By working with a management system, your entire organization gains a standardized level of protection for its information assets.
How we can help
We help your organization with the management system
Our consultants have extensive experience with ISO 27001 and deep knowledge of management systems. Together, we have guided both large and small companies to certification. Since ISO 27001 also touches many of our other services, it is an area where we truly excel.
Here’s how we support you in an ISO 27001 certification:
- Planning and project management
- Education and assistance
- Guidance and oversight
- Assistance with ISO 27001 certification
Some of our customers
The process
The path to ISO 27001 certification
The standard sets clear requirements for a systematic approach, including criteria for risk assessment and for selecting controls. The criteria are defined first; the identification and systematic evaluation of risks follows. When the criteria are established upfront, there is less uncertainty and discussion about what actually needs to be addressed once the risk evaluation begins. This is an example of what a plan for ISO 27001 might look like.
Questions and answers
Here you will find answers to the most frequently asked questions about ISO 27001. Do you have a question that is not listed? Use the contact form further down the page.
Yes, there are other information security frameworks, including NIST CSF and the ISF Standard of Good Practice.
After you have been certified, you undergo annual surveillance audits to ensure that the organization continues to meet the requirements of ISO 27001. Every three years a recertification audit is carried out, which is a somewhat larger audit.
The purpose of ISO 27001 is to increase security in the organization through the systematic work of the management system.
No, not everyone currently needs an ISO 27001 certification. There are, however, strong indications that some organizations covered by NIS2 will be required to work with a management system.
In order to be certified, you must work with information security in a systematic way and meet the requirements set by ISO 27001. Certification means that an independent certification body has audited the management system and approved it, so the first step toward certification is a certification audit.
The need for an information security management system (ISMS) often comes in the form of a requirement from a customer, supplier, subcontractor, partner, authority or regulation.
ISO 27001 gives the organization a standardized way of working with security. In other words, the organization adopts a best-practice approach, developed by IT and information security experts, to how security should be handled in the organization.
It is absolutely possible to work toward certification without actually getting certified. What you gain from such work is increased security that permeates all layers of the organization.
It is possible to implement ISO 27001 without external help, but that route often takes much longer than hiring a consultant. A good starting point is to buy the standard, read it through, and build your own framework, which you then implement in your organization through processes and routines, training, and security-enhancing measures.
After the management system has been introduced and the organization has passed an internal audit, an independent certification body reviews and assesses the organization and its management system to confirm that the requirements are met. If the certification body approves the audit, the certificate is issued.
How long it takes to be certified depends above all on how mature your security work already is, i.e. whether you have worked with information security before and already have certain processes in place. Other factors are the size of the company, the priority given to the certification, and the scope we choose to certify. As a rule it takes an estimated 6-12 months, but we have had projects that took longer.
The entire organization becomes more resilient to cyber attacks. Awareness, together with technical and organizational measures that increase security, is put in focus and permeates the entire organization. In addition, a certified organization fulfills many of the requirements that partners set as a condition for collaboration.
ISO 27001 is the standard for an information security management system (ISMS). By applying it in your organization, you get a standardized way of working that covers all aspects of security.