What is ISO27001?_

19 Sept 2019

Author: Lisette Anink

Information security_

Information security has become an important topic for organizations in recent years. In fact, an article from Gartner says that worldwide information security spending will have exceeded $124 billion by the end of 2019.

ISO27001 is an international standard that helps organizations manage information security. Organizations must handle the information that business partners, suppliers, and customers share with them properly, in order to keep that information safe.


An information security management system_

ISO27001 is an international standard that describes how an organization must manage information security. An ISO27001 certification proves that you have taken the right precautions to ensure and improve the safety of all the information within your organization.

When we dive deeper into the standard, you’ll see that it specifies an information security management system (ISMS). The ISMS is a management framework through which an organization can identify, analyze and minimize risks concerning organizational and customer information. It also prescribes a process in which security is evaluated and improved periodically.

Three steps for risk assessment with ISO27001

For every organization

The ISO27001 standard is applicable to all types of organizations: for-profit and non-profit organizations, commercial enterprises, government agencies, small and medium-sized businesses, and multinationals are a few types of organizations that can use ISO27001 to manage information.

Not only is ISO27001 applicable to all types of organizations, it is also applicable to every market and industry (e.g. defense, banking, education, retail, and healthcare).


In order to show that your organization has a compliant ISMS in place, you can get an ISO27001 certificate. Although certification is completely optional, organizations are increasingly demanding certification from suppliers and business partners.

The certificates are growing in popularity because many organizations are becoming — quite understandably — concerned about the vulnerability of their information.

According to an ISO survey in 2017, the number of certificates increased by about 20% compared to 2016. The total number of certificates at the end of 2017 was about 40,000.

Compliant or secure?

An ISO27001 certification is certainly a great way to show that your organization takes information security very seriously. But there is still an important distinction to make when it comes to this kind of certificate. An ISO27001 certificate says: “we have an ISMS that is compliant”; it does not necessarily say: “we are secure”.

Also, the ISMS you implement doesn’t necessarily have to include all departments within your organization: you decide the scope of the ISMS. For example, you could decide to include your office and HR department but not your marketing department, and the certificate then only covers what is inside that scope. So, it’s very important to think about which departments need to be included in the ISMS.

So if you — as a client, business partner or supplier — are totally dependent on the security of your information, an ISO27001 certificate gives a good indication, but it does not say your information is totally safe.

Need help with ISO27001?_

Here at Nerd as a Service, we are ready to help you become ISO27001 compliant. We have already helped numerous other organizations, such as Foleon and Hillbrook, with their certification, and they were very positive about our work.

Reach out to us if you need help with the ISO27001 certification process and we will look at the possibilities for your organization.
