Information security top benefit of ISO 27001

ISO 27001 has become the standard of choice to create an Information Security Management System that is robust enough but at the same flexible to tackle the growing number of potential cyber threats that organisations now face.

With the recent introduction of EU General Data Protection Regulation (GDPR) which will be enforced by May 2018, will ensure organisations that collect or process personal data of EU residents are implementing an ISMS that provide security measures to protect personal data from potential breaches.

According to a survey from IT Governance which reviewed organisations implementing ISO 27001 across 53 countries revealed 98% surveyed say that the most important benefit of ISO 27001 was improved information security, while 11% said it improved company reputation and further 8% saw ISO 27001 as a method to be more competitive in their respective markets. The key findings from this report also revealed that 69% surveyed that the main factor for implementing ISO 27001 was to improve their organisations security procedures.


The survey revealed that 36% reported they had no concerns about management buy-in about implementing ISO 27001. 51% of respondents had problems either convincing the board about the importance of information security or securing the necessary budget and resources to implement ISO 27001.

The biggest challenge respondents had about implementing ISO 27001 was obtaining employee buy-in and awareness of the information security standard which came at 41%.

People & Training

Bringing in the right people or upskilling current workforce to effectively implement ISO 27001 proved to be a big challenge in 2016. 39% found it difficult to bring the right level of competence to manage the implementation process.

54% of respondents use external providers of penetration testing providers, while 51% rely on external consultants to help them implement the ISMS. Only 16% of companies employ a dedicated full-time ISMS manager. 19% of IT managers are responsible for the ISMS, while the CISO was responsible in 18% of cases.

Training in implementation and assessing your organisation against the standard proved vital to successful implementation. 51% of individuals managing the ISMS have a formal qualification (e.g. ISO 27001 Lead Implementation/Lead Auditor)

Cost, Time & ROI

Cost and time management are big factors for organisations that decide to go for ISO certification and ISO 27001 is no different. According to the report the average time it took an organisation to complete a project was 6-12 months. In relation to cost it revealed that many organisations did not track implementation costs but where other costs have been tracked the average cost is between €6000 and €25000. These figures vary based on company size and structure.

52% of companies felt that the cost of achieving ISO 27001 certification was fully justified by the benefits it delivers, while 21% felt it was in line with other management system standard implementations. The report highlights how ISO 27001 becomes a factor in acquiring new business. 71% of respondents said they regularly received requests to provide evidence of ISO 27001 certification when tendering for new business.

Based on these findings it is clear 2017 will be another huge year for ISO 27001. Organisations now have less than 18 months to have ISO 27001 in place before GDPR comes into effect. Training will be crucial for your implementation team to fully understand how ISO 27001 will adapt to your organisation and how best to integrate into your management system. The good news is that management are more aware of the dangers of not implementing a ISMS now more than ever so getting the green light is easy. The hard word is actually bringing your fellow colleagues in line with ISO 27001 to make it a success. If you wish to learn more about how you can begin your journey to ISO 27001 and becoming compliant to GDPR contact our team today.

Robert Lyons
Robert Lyons


Related ISO Certifications

Certification Europe small Rosette logo symbol

ISO 9001

Quality Management System

Quality Management System ISO 9001 is an internationally recognised global standard that confirms an …
Certification Europe small Rosette logo symbol

ISO 14001

Environmental Management System

ISO 14001 Environmental Management System ISO 14001 is the global standard for organisations wanting …
Certification Europe small Rosette logo symbol

ISO 45001

Occupational Health and Safety

Occupational Health and Safety ISO 45001 is an international standard that specifies requirements for …
Certification Europe small Rosette logo symbol

ISO 50001

Energy Management System

Energy Management Systems ISO 50001 is a global standard for organisations looking to improve …
Certification Europe small Rosette logo symbol

ISO 27001

Information Security Management Systems

Information Security Management Systems ISO 27001 is the international standard for managing risks related …
Certification Europe small Rosette logo symbol

ISO 22301

Business Continuity Management Systems

Business Continuity Management Systems ISO 22301 is the business continuity management system (BCMS) standard. …
Certification Europe small Rosette logo symbol

ISO 20000-1

IT Service Management Systems

IT Service Management Systems ISO 20000-1 Service Management is the international standard for quality …
Certification Europe small Rosette logo symbol

ISO 13485

Medical Devices

Medical Devices ISO 13485 is a globally recognised quality standard that identifies the requirements …
Certification Europe small Rosette logo symbol

ISO 27701

Privacy Information Management Systems

Privacy Information Management Systems ISO 27701 is the global standard for Privacy Information Management …
Certification Europe small Rosette logo symbol

BS 10012

Personal Information Management System

Personal Information Management System BS 10012 provides a framework for a Personal Information Management …
Certification Europe small Rosette logo symbol

ISO 27018

Protection of Personally Identifiable Information (PII)

Protection of Personally Identifiable Information (PII) ISO 27018 is the global standard organisations use …
Certification Europe small Rosette logo symbol

ISO 27017

Cloud Data Protection

Cloud Data Protection ISO 27017 is the global standard used by organisations to strengthen …

Related Insights

How to make small business sustainability a priority

Small business sustainability is becoming a priority in the drive towards Ireland becoming net zero – here’s…

What is circular economy and what does it mean for organisations?

The circular economy is not a new phenomenon. Read our breakdown of what the circular economy is…