Colin Brown | UK ISO Consultants https://isoconsultants.co.uk Leadership and guidance preparing you for ISO auditing Tue, 30 Jan 2024 16:13:23 +0000 en-GB hourly 1 https://isoconsultants.co.uk/iso2023wp/wp-content/uploads/2023/09/cropped-iso-fab-icon-32x32.png Colin Brown | UK ISO Consultants https://isoconsultants.co.uk 32 32 Data Security and the role of ISO 27001 certification https://isoconsultants.co.uk/data-security-and-the-role-of-iso-27001-certification/ https://isoconsultants.co.uk/data-security-and-the-role-of-iso-27001-certification/#respond Fri, 05 Feb 2021 12:00:43 +0000 https://www.independentqualityservice.com/?p=15503

Data Security? But we’ve got passwords and virus checking????

2020 has been a difficult year in many ways, but some businesses seem to take a longer time to learn lessons than others. OK so we’re a bit geeky, had a PC in the very early nineties, remember when software came on disks, like playing with gadgets and stuff. But you’d think that being careful with your data was pretty common knowledge by now surely? Nobody really sends their bank details to Nigerian Princes believing they will receive millions in cash because he has nobody else to give it to, do they? And yet, the last few months shows people still haven’t learned:

14 Sep 2020 18,000 Covid-19 test results put online by mistake

16 Oct 2020 British Airways fined £20m over data breach

30 Oct 2020 Marriott fined £18.4m for hotel guests data breach

13 Nov 2020 Ticketmaster fined £1.25m over payment data breach

23 Nov 2020 Children’s names published in email

26 Nov 2020 NHS data breach involving 284 patients uncovered

Source: https://www.bbc.co.uk/news/topics/c0ele42740rt/data-breaches

And those are just a few of the issues which hit the headlines, like many, many phenomena this is just the tip of a huge iceberg, the big names which make big headlines, beneath these monoliths are smaller companies losing millions, and rarely spoken about. ISO 27001 describes a routine system for assessing the risks to your business information and data, the controls to put in place to address those risks, and the periodic checks you need to complete to ensure those risks, and the new ones which will develop tomorrow, are identified, actioned and closed down.

Getting a UK government backed certificate to say that your system addresses ISO 27001 gives you, and all those affected by your operations, additional confidence. If you are sharing data with customers, suppliers or even colleagues they will all have more confidence in you if they know you have invested the time to make sure that such information is safe and secure.

Questions? We have answers!

If you would like a cost-effective solution to gaining ISO 27001 certification from a government recognised body contact us now.
Get in touch
]]> https://isoconsultants.co.uk/data-security-and-the-role-of-iso-27001-certification/feed/ 0 Cost Effective ISO 27001 Certification and Why Most Companies Pay Too Much… https://isoconsultants.co.uk/cost-effective-iso-27001-certification-and-why-most-companies-pay-too-much-2/ https://isoconsultants.co.uk/cost-effective-iso-27001-certification-and-why-most-companies-pay-too-much-2/#comments Tue, 11 Sep 2012 10:53:01 +0000 http://iais.wpengine.com/?p=1770

Occasionally, I’m shocked at what companies spend on ISO 27001 certification.. An MD recently told me he had been quoted £1500 a day for implementing an ISO 27001 Information Security System, with a minimum of 14 days consultancy required, a total cost of £21000. Nice work if you can get it.

In contrast, I recently implemented such a system for a local business for less than £6000, including certification by one of the World’s leading independent bodies. Was it the same? Yes. Did I leave anything out? No. So why the difference ?

And, just one more time, what is ISO 27001?  It’s an International Standard intended to establish an IT and Information Security System in a business.

And “Why ISO 27001?” Hacking, spoofing, virus attacks, and all kinds of cybercrime are a hot topic. Threats to your business are no longer from local criminals, but may come from another continent, and a burglar alarm won’t keep them out. Certain organisations will insist on it as a minimum requirement before even contemplating doing business with your company.

So, why such a difference in cost for an identical ISO 27001 certification service?

First I deliver the system myself, so nobody is taking large commissions for passing it onto people with the right skills. No brokers, middle-men, agencies. I am the actual person with the skills and experience, a strong background in telecommunications and IT, and promise to deliver a fully compliant system first time. Full stop. I’ll even offer you a guarantee that if you don’t pass first time I’ll work for you for free until you do. I don’t have a large expensive office or employ an army of expensive sales and marketing staff.

I’m based in The East Midlands, close to Derby, Nottingham, and Leicester, rather than Central London, so I’m not paying big city overheads, yet can reach all the major business centres of the UK within a few hours. All this means I can bring you an excellent service with the minimum of overheads, the essence of effective consulting but without the superfluous corporate trappings.

But is this “low cost ISO certifcation”, that is, “approval-lite”? Not at all. I used to be an auditor with a world leading certification body, which gives both you and me some significant advantages – I understand ISO systems and certification requirements intimately, sometimes better than those who audit them. I’ve worked for a number of major corporate bodies as head of quality, which involved high levels of security clearance, so I bring experience gained in some of the UK’s most prestigious corporates, but without those associated costs. It also means I have read systems by many world leading companies including those which feature heavily documented procedures and systems which appear to be generated by consultants paid per word.

I’ve had to endure them, and I don’t want my customers to do so. They waste time, and hence money. I write concise, easy to understand ISO 27001 Certification documents where they are truly necessary, and educate and train your staff where the requirement is simply one of competence.

This means I can be quicker and more relevant than many, with simpler systems and hence with fewer areas of potential failure. Now, if you are a World Leading Bank or Insurance Company and have lots of other people’s money to spend, you are welcome to engage someone in from a world famous consultancy with a double-barrelled name and pay them £1500 a day.

On the other hand, if you need a working ISO 27001 Information Security System your staff can easily use, certified to the same standard by the same independent certifiers but for a fraction of the cost, I’d love to hear from you.

Colin Brown

IAIS Ltd

Contact me now

 

Written by Colin Brown of ISO Consultants

]]> https://isoconsultants.co.uk/cost-effective-iso-27001-certification-and-why-most-companies-pay-too-much-2/feed/ 1