A Step-by-Step Guide to Creating an ISO 27001 Compatible ISMS
Getting ISO 27001 certified isn’t rocket science. Use the tools you already have, apply common sense, and you will be fine in any audit.
More and more enterprise customers expect their suppliers to be ISO 27001 certified. Therefore, startups and SMEs need to find ways to deal with ISO 27001 in a lean and modern way.
The core of any ISO 27001 certification is the so-called Information Security Management System (ISMS). In analogy to the Quality Management System (QMS) for ISO 9001, no company can get ISO 27001 certified without an ISMS.
Don’t try to google “ISMS” and hope for a lean and pragmatic solution. There are tons of consultants and tool providers out there eager to sell you their services and tools. Such offerings are geared towards larger organizations; they will overwhelm your startup or SME both in terms of effort and cost.
Instead, I urge you to use a very simple method to set up your ISMS: common sense. Read the norm, think about which steps are required to become compliant, and implement those steps accordingly. Sounds over-simplified, huh? Read on for a real-life, step-by-step account from a 30-person B2B SaaS company.