What’s the difference between aligning and certifying?
At least € 10,000!
Why?
Because to align to a standard:
- You need to understand the requirements of the standard (in the case of ISO 27001, sections 4 – 10 and the mandatory controls of Annex A).
- You need to define, implement, and operate the necessary changes to meet these requirements.
But to certify to a standard, you also need to:
- Get a third-party certification body to audit what you have done (and continue to do).
External audits can’t be avoided if you want to attain and sustain ISO certification.
And they ain’t cheap.
So what?
If your clients are regulated or large organisations, they are probably asking you detailed questions about how you are managing your security.
Answering these questions is far easier if you have aligned to an industry standard such as ISO 27001.
And if/when one of them insists that you get certified to ISO 27001, your past efforts to align to the standard will make the certification process so much easier.
If you need help with this
I can help you with ISO 27001 if a lack of time or know-how is blocking your in-house efforts.