Habits of successful ISO 27001 certified customers

What do our ISO 27001 certified customers do to successfully achieve their ISO 27001 certification and smoothly pass subsequent audits?

And what can you learn from these habits? Let the following advice inspire you and give you ideas!

‍

How to successfully achieve ISO27001 certification

1. Involvement of executives

When the company's leadership makes the project a priority, it also becomes a priority for the entire team! Every time senior managers show up for meetings about upcoming audits, the team gets the feeling that the company is taking this project very seriously and that it is well on its way. Imagine grandma coming to the family reunion to judge her firstborn grandchild's new boyfriend - it's getting serious, everyone knows how important this is! 

‍

2. Give context to the entire team! 

Our customers are clear from the outset about the value ISO 27001 brings to their business. They ensure within their organization that everyone involved in the project understands the reason for this project. Getting certified is the goal!

A cross-team orientation session helps the entire workforce understand why the company is implementing ISO 27001, what their role is in the project, and what to expect. 

It's like who brings what to the BBQ party and everyone shows up with some age-old family recipe of salads or marinated chicken tenders. In the end everyone is proud of what the buffet looks like. Dig in! 

‍

3. Compliance operating system 

Our customers have a system in place to manage their compliance program. 

This includes:

• Meeting rhythms to ensure everyone is on the same page (e.g., weekly, monthly, quarterly)

• Ongoing spot checks to ensure everything is going according to plan (e.g., checking 1/12th of the checks each month)

• Goals and KPIs tied to the success of the project

‍

4. Be ready for the work throughs: 

Our clients are prepared. When they show up for the ISO 27001 audit sessions:

• They have the right people in the meeting

• They have read the agendas in advance (and already asked questions if they need clarification)

• They have the right information on hand to make the call efficient.

5. Timely submission of audit evidence

The clients of the ISO 27001 audit are aware of the bottlenecks in this project. That is why they always submit the evidence on time.

It is the job of an ISO 27001 auditor to provide clear evidence requirements so that the customer understands what an auditor wants and needs. However, they also recognize that a lot of the work falls on the customer to provide them with the documentation. It's a partnership. Between the customer, the auditors, and in this case: Secfix as the supporting SaaS company.

So it can't hurt to build a respectful relationship with the auditor. Examiners also want to help and ensure that the counterpart passes successfully. 

Like the professors at universities, who were also not really interested in intentionally grading students poorly. Except for a few isolated cases who must have run out of Canadian maple syrup at breakfast.... So, a positive and respectful attitude on both sides has a great impact on the project. That sounds even more like a relationship tip. 

‍

6. Overview:

Our customers make it as easy as possible for those responsible for controls:

• The controls correspond to the actual processes

• Controls are integrated with existing processes

• Controls are automated as much as possible

‍At Secfix, our customers get access to our platform, which helps them extensively.

‍

Maintaining ISO 27001 certification demonstrates that your company has the means and commitment to identify, align and respond to information security risks!

Schedule a consultation with us and use our automated solution to become and stay ISO 27001 compliant.

‍