AvISO is an industry-leading expert in ISO 27001 and Information Technology Security Techniques Management Systems. With offices in London, Kent, and Ireland, we provide global Consultancy, training & Software solutions to support sole traders to multi-national organisations to ensure they achieve the most from their UKAS Accredited Certification to ISO 27001:2022. 

We have produced a series of articles explaining how the specific controls work in Annex A of the standard and guidance on how they should be implemented under 'The Controls' section.

ISO 27001:2022 is an international standard that provides a framework for information security management. It sets out requirements and best practices for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS) to protect sensitive information and assets.

Implementing ISO 27001:2022 can bring several benefits to organisations, including improved information security, enhanced customer trust and confidence, better compliance with legal and regulatory requirements, reduced risk of data breaches and cyber-attacks, and improved business resilience and continuity.

Information security is a critical concern for organisations of all types and sizes, especially in today's digital age, where cyber threats are increasing in frequency and sophistication. ISO 27001:2022 provides a comprehensive framework for managing information security risks, ensuring the confidentiality, integrity, and availability of sensitive information and assets, and demonstrating compliance with legal and regulatory requirements. Implementing the standard can help organisations to protect their reputation, avoid financial and legal penalties, and achieve a competitive advantage.

AvISO Consultancy is the first in our industry to offer a quick and easy online quote for gaining ISO certification for ISO 27001. For a small business to gain UKAS accredited certification can cost approximately ￡3,000 to ￡25,000+, a considerable sum to pay out over a short period.

We’re very proud to be able to offer a monthly subscription that covers certification, consultancy and software costs. This cost is spread out over three years and provides you with the support and tools you need to gain UKAS-accredited ISO certification with no hidden charges Get Your Quote Here.

• With the right preparation and a good understanding of what is required for ISO 27001 certification, most organisations can expect to achieve certification within 3 to 6 months, depending on their size and complexity.
• This process starts with developing the management system, followed by Internal Audits to check for any gaps that would not meet the requirements of the standard.
• Stage 1 audit is completed by an independent UKAS-accredited certification body that assesses the documentation produced for the management system to ensure it meets the requirements of the ISO 27001:2022 standard.
• Stage 2 audit is your main assessment that, assuming you pass - which is determined by the extent to which the ISMS conforms to the standard – awards your certificate.  

Yes, ISO 27001:2022 can be integrated into an organisation’s existing management system, such as an Integrated Management System (IMS) that includes other standards like ISO 9001 (Quality Management System) and ISO 14001 (Environmental Management System). This can help to streamline the management of various systems and processes, reduce duplication of efforts, and enhance overall efficiency and effectiveness. The Annex SL framework that is common to many ISO management system standards also allows for easier integration of different management systems. However, it is important to note that the requirements of ISO 27001:2022 may have unique considerations that will need to be addressed during the integration process.

Yes, you can. However, it is worth considering the time and cost of a workforce required to set up an ISO standard versus an external management consultant providing guidance and support to ensure conformity and certification. An ISO consultant can give regular expert advice and help set up and maintain an ISO 27001 Information Security Management System. A third-party certification body will independently audit your management system for conformity to the standard.

• UKAS is the ‘United Kingdom Accreditation Service,’ recognised by the British Government to assess the competence of auditing bodies that provide certification, testing, inspection, and calibration services. UKAS audits certification bodies: such as ISOQAR, BSI, NQA and QEC to ensure compliance. Many businesses are caught out by certification bodies promoting ISO certification without UKAS accreditation. Unfortunately for these businesses, potential contracts can be lost when clients realise the QMS is not valid and may need to recertify with a UKAS-accredited certification body. Due to the conflict of interests, BSI, QEC etc, cannot offer guidance, so if you are offered consultancy and accreditation, please proceed cautiously.

ISO 27001:2022 certification is valid for a period of three years from the date of the certification audit. However, the certification is subject to annual surveillance audits to ensure that the organisation’s Information Security Management System (ISMS) remains compliant with the standard's requirements and is effective in managing information security risks. These surveillance audits are usually conducted by the certification body to assess the ongoing performance of the ISMS and identify any areas for improvement.

At the end of the three-year certification period, the organisation must undergo a recertification audit to renew the certification. The recertification audit is similar to the initial certification audit and involves a comprehensive assessment of the organisation’s ISMS against the requirements of ISO 27001:2022. If the organisation successfully meets the standard's requirements during the recertification audit, the certification will be renewed for another three-year period.

There are no limits or restrictions to the size or type of organisation wanting to improve by using the ISO standard.

Not necessarily. The most cost-effective way would be for your organisation to have an umbrella system whereby all the sites would have to prove that the management system is being followed. A presentation certificate for each site can be issued to ensure conformity to the standard across all your sites. If more than 5 sites, they will apply a sampling approach to the audits; they will need to see all the sites over the 3-year cycle of the audit.

Research to support the improvement and effectiveness of the organisation’s management system would be best practice; implementing the ISO 27001:2022 Information Security Management System is the foundation upon which to build.

Speak to your clients about what they require, and get in touch with consultants like us to give advice on each standard.

• We provide innovative and practical solutions
• AvISO have an industry-leading reputation and a 100% certification success rate with the UKAS accreditation service. All our consultants are certified lead auditors and experts in their field for providing a first-class service.
• We are experts with over 10 years' of experience in guiding businesses to success.
• We practice what we preach – proudly ISO 9001, 27001 and Cyber Essentials qualified.
• Our client-focused approach focuses on creating value for your business, not simply ticking clauses off a checklist. You can view our <clients testimonials> and <case studies> here.

The ISOva Toolbox is a bespoke online tool designed by AvISO to record your management system data and information. It is used as an integral part of maintaining all aspects of your quality management system. Designed by leading ISO consultants ISOVAs intuitive User Interface, facilitates easy navigation of your ISMS and provides a real-time dashboard where you can track progress towards KPIs (key performance indicators), Objectives and Corrective Actions.

Based on their education, skills, and knowledge from senior management, competent persons are recommended to work alongside our management consultants to maintain your management system. Varies from company to company, but whoever has a good working knowledge of the organisation and is given the resources to get the job done.

ISO standards are designed in such a way that they can be adapted to any organisation, regardless of size.  If you are considering implementing an ISO Management System, all the requirements of the relevant standard will need to be considered by the company or organisation in question and addressed as part of your system.  Therefore, this requires an in-depth analysis of the organisation, including its context, interested parties, roles and responsibilities, legal and contractual obligations, risk environment, scope, number of employees and sites under the system’s remit.   As such, there is quite a bit of detailed information specific to each organisation that needs to be considered. AvISO can assist with advising organisations that may need additional support in this regard.

Most, if not all, of the necessary information can be securely gathered and shared online through SharePoint. This is a secure method of safely sharing and updating documents online to maintain and support your management system.

A legal register is a document or system that details legislation and regulations that your organisation must comply with due to its activities. The legal register becomes an essential resource for your organisation to refer to what you must do to ensure legislative compliance.  It is important to highlight that the legal register is provided as a guidance tool for clients to utilise, and AvISO is working consistently to ensure it is kept up to date with changes as they are issued, however, it is always advisable for organisations to seek appropriate legal advice on their specific legal obligations and responsibilities, to ensure requirements are met.

It can vary when calculating how many days are required. Things to consider are the size of the organisation, the number of sites under the scope and the complexity of the management system. As a guide, it can take between three to six months.

Yes, AvISO provides short training courses called Toolbox Talks about Management Systems. The courses are designed to give each clause a general understanding and further information.

Our consultants are certified lead auditors and are experienced in implementing not only ISO 27001:2022 but many other ISO standards, such as Quality, Health and Safety, and Environmental.  We have dedicated Consultants for each compliance area who can support and advise you across multiple compliance areas.

Our expert consultants are always available for help and advice. Regular visits and communication can be arranged together with an internal audit program agreed upon as an ongoing AvISO consultancy service.

An Information Security Management System (ISMS) is a systematic approach to managing an organisation's information security processes, policies, and practices.

The standard specifies a set of security controls in Annex A. However, the choice of controls depends on the organisation's risk assessment and security needs.

ISO 27001 certification is typically valid for three years. Organisations must undergo regular surveillance audits during this period and recertification when it expires.