Most common questions about ISO 27001 certification

Learn what you need to successfully get ISO 27001 certification from our founders & security compliance experts.

ISO 27001:2022 Free course

Here are 9 short videos that simply explain the essence of ISO 27001. Learn today which documents you need and how to get certified in weeks instead of months!

Fabiola and Branco are information security experts and created Secfix to help founders around the world to protect their data and information. Learn from them how to get certified quickly.

Chapter 1. What is ISO 27001

What is ISO 27001?

ISO 27001 is the international standard for information security. Its framework requires organisations to identify information security risks and select appropriate controls to address them.

Certification is valid for 3 years, assuming you pass surveillance audits in the second and third years.

What is an ISMS?

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data.

When do I need an ISO 27001 certification?

ISO 27001 certification applies to any organisation that wishes or is required to formalise and improve business processes around information security, privacy and securing its information assets.

Chapter 2. How to get ISO 27001

What are the ISO 27001 controls?

ISO 27001 controls are the best practices you follow to ensure information security. They are specific actions, practices or mechanisms employed to address information security risks and cover potential weak points.

How long does it take to get certified?

The ISO 27001 implementation process depends on the size and complexity of the management system, but in most cases small to mid-sized organisations should expect it to take at least 12 months.

It’s a lot quicker with Secfix. The fastest we’ve gotten a company certified is 5 weeks. It's also less expensive than paying a consultant all year long.

What documentation is required for ISO 27001?

Everything from risk assessments to 20+ security policies, and from information asset inventories to incident response plans. You can find the whole list of ISO 27001 Annex A controls here.

Chapter 3. Automate your processes

How does Secfix help?

We automate the process. We integrate with your IT infrastructure and leverage these connections to automatically collect evidence, identify gaps and show you how to address them.

We also provide you with your own Customer Success Manager who holds your hand through the process, with weekly check-ins to help you along your journey.

Does Secfix also conduct audits?

We don’t carry out the main ISO 27001 audits for you. We have the largest network of partner auditors in the EU, and we help you access discounted rates with them. We help you collect quotes from our network and advise you on the best fit for your company.

How much does it cost?

For a company of up to 50 employees, an ISO 27001 audit can cost anywhere between 5-10K Euros. Beyond that, quotes tend to increase incrementally.

In terms of the Secfix fee, we have a range of packages tailored for small companies. We’re happy to provide you with a personalised quote if you're interested. You can contact us here.

Book your free consultation with Secfix

In the first consultation with our experts you will learn...

when and why your company needs ISO 27001

how you can automate the process for ISO 27001 certification with Secfix

how you can run Secfix in your company