Organizations are becoming increasingly dependent on external service providers for their daily operations. Think about:
- Software development
- Cloud services
- Software as a Service (SaaS)
- Hosting services
- Telecom, VoIP and videoconferencing
- Platform as a Service (PaaS)
- Network architecture and maintenance
- Infrastructure as a Service (IaaS)
In some situations, such as healthcare, these services can even be seen as mission critical.
Advantages of ISO 27001 certification
If you are a provider of such services, achieving external certification will give your clients certainty that information security is top of mind in all processes of the organization. This applies not only to the design and development of services and products, but also to the hiring and screening of the employees who perform these services.
In the last decade, ISO 27001 has developed into a globally recognized baseline for information security. Compliance is often requested during (government) tenders and procurement. Advertising that your organization has achieved ISO 27001 certification has also proven to be a commercial advantage.
Industry-specific standards
Depending on the markets in which you are active, industry or government may require you to implement or even certify to additional standards, such as:
- ISO 27017 (cloud security)
- ISO 27018 (privacy protection)
- VDA TISAX (for suppliers in the automotive industry)
- PCI-DSS (payment card industry)
- BIO (information security baseline for Dutch government bodies)
- ISAE 3402 or SOC 2
Advantages of Instant 27001
Implementing ISO 27001, or any of the above-mentioned standards, can seem a daunting task at first. The ISO documentation is designed to be generic and does not provide guidelines or samples.
As a result, it is tempting to resort to commercially available template sets. Most of these kits are designed to be applicable to all kinds of organizations, verticals and regions, and therefore contain too much bloat.
Instant 27001 is developed as a lean and mean approach to ISO 27001. The supplied sample content is written with IT service providers in mind, so it requires very little imagination to make the necessary modifications (if any are necessary at all).
Some examples of service providers that Instant 27001 has helped include: