ISO-27001 is a globally recognized security framework. It aims to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System” (ISMS). ISO-27001 is not industry specific – any type of company can undergo ISO 27001 certification whether large, small, for-profit, not-for-profit, etc. Ultimately, it is a way of making sure that an organization is managing information security risks effectively.
Why do Companies get Certified?
There are many different motivations as to why a company may choose to get certified. These include:
Meeting contractual or regulatory requirements
Customer request or preference
As a development of, or an extension to, an existing risk management program
To determine clear information security goals
To gain an edge in a competitive market
How much does it cost to become ISO-27001 Certified?
There are three main costs to becoming certified: internal costs, costs for preparation, and certification costs. Costs can vary significantly based on the ISMS scope, ISMS gap assessment, resource capabilities, the project timeframe and size of the organization. Ostendio works with preferred assessors who offer discounts to MyVCM customers.
How long does it take?
Typically, a MyVCM customer will take between 3 – 6 months for certification, but this can vary depending on the size of the organization and the scope of the project.
How do I know which Certification to pursue? ISO-27001? SOC 2? HITRUST?
Between differing industry regulations and varying resource commitments, it can be difficult to decide which path is best for your business. So, how do you know which one to choose?
The Ostendio Professional Services team has helped clients through numerous different types of audits and certifications. Please contact us today for a complimentary discussion to determine which certification is best for your organization.
For more information about which certification option is right for you, or to learn more about Ostendio’s MyVCM platform, please email us or call 877 668 5658.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.
Avoiding the Hidden Pitfalls of Security Audits
In this webinar, see the 5 most common pitfalls of security audits and learn how you can avoid them with the power of MyVCM CrossWalk Assessments.