ISO 27001

Are you looking to expand globally?

What is ISO/IEC 27001:2022 ?

ISO 27001 is an international security standard that structures your ISMS (Information Security Management System). This certification was established by the International Organization for Standards (ISO), an international standard-setting body that facilitates common standards across nations. 

Benefits for Achieving ISO 27001:

  • Access to customers worldwide
  • Your company receives an actual certification instead of compliance report
  • Builds security-by-design culture & reduces the risk of a security incident
Our Process
  1. Scope & Roadmap (in as little as 30 minutes!)
  2. Risk Assessment & Gap Analysis
  3. Policy & Governance
  4. Technology & Process Implementation
  5. Evidence Collection & Reporting
  6. Internal Audit Review & Reporting
  7. Submit all evidence & documentation to external auditor
  8. Continuous Maintenance & Monitoring
Industries
  • Data Centers
  • Healthcare
  • Manufacturing
  • Managed Service Providers
  • Software & Technology

Frequently Asked Questions

How often do you need to certify?

Certification lasts for 3 years, however, there must be an annual “surveillance” audit that ensures your security controls are still in place for ISMS.

How much does ISO 27001 audits costs?

The external audit can cost an average of $15,000 annually, but can range from $5,000 to $50,000 annually.

What is the main goal of ISO 27001?

The main goal is to prove you have a good ISMS in place to protect your data & your consumer’s data.

When do I have to implement the 2022 update?

Starting April 2024, companies that are certifying for the first time have to support the 2022 updates. Companies that are already certified & within surveillance years, have to transitioned completely on the 2022 certification in October 2025.

How can SAM help with internal audit?

We will be able to review, recommendation, document & complete risk assessments on your behalf, so that you will not have to hire a full unbiased staff or get a bunch of nonconformities. Internal audit is required. Internal audits should occur at least twice annually.

Thinking about ISO certification?

Let’s get you a free assessment.

Get started