Easy and Affordable ISO 9001 and ISO 27001 Certification

A Playbook for Startups

Tom Vogel
3 min read · Feb 13, 2023
ISO 9001 and 27001 seals
Source: author, assembled in Canva

Why Bother with ISO 9001 and 27001 Certification?

More and more customers require their suppliers to be ISO 9001 and/or ISO 27001 certified. While that might be easy for large corporations, it isn’t so for startups and mid-sized companies.

Nevertheless, as a startup serving enterprise customers, you don’t get to choose. If you want those contracts to materialize, you will have to find a way to comply with all the clauses suggested by the legal department of your new customer.

To illustrate this, here are two examples of customer contract clauses we had to agree to before we were ISO 27001 certified:

“SUPPLIER should be certified against either the SOC 2 Type II framework, ISO 27001, (or an equivalent level of certification as agreed with CUSTOMER), and shall provide evidence of its certification in due time. The certification will be finalized by the end of 2021.”

“SUPPLIER must also provide proof of currently valid, internationally recognized certification in accordance with the ISO/IEC 27001 standard. SUPPLIER is currently undergoing ISO 27001 certification, expected date of stage 2 audit May 2021. In case the stage 2 audit should fail, the provider will immediately inform CUSTOMER.”

Nowadays, after our ISO 27001 certification, we can just tick the box when customer contracts contain clauses such as the example below:

“SUPPLIER has robust internal information security policies and procedures based on ISO 27002 at minimum, or be ISO 27001 certified.”

Because no startup’s core business is getting ISO 9001 or 27001 certified, startups need to find a way to deal with ISO 9001 and 27001 in a lean and modern way.

Don’t try to google “ISO 9001” or “ISO 27001” and hope for a lean and pragmatic solution. There are tons of consultants and tool providers out there who are eager to sell their services and solutions, respectively. Such offerings are geared towards larger organizations; they will overwhelm your startup both in terms of effort and costs.
