ISO 27001 Guides
Complete guides to ISO 27001 certification, ISMS implementation, and maintenance.
Common Questions About ISO 27001
Quick answers to the most frequently asked questions about ISO 27001 compliance.
ISO 27001 is an international certification for information security management systems (ISMS), issued by accredited certification bodies. Unlike SOC 2 (which is a report), ISO 27001 gives you an actual certificate you can display. It's recognized globally and often required for European and government contracts.
ISO 27001 takes 3-4 months, faster than SOC 2 because there's no mandatory observation period. This includes 4-6 weeks for implementation, 1 week for internal audit, and 2-3 weeks for Stage 1 and Stage 2 audits.
Overall pricing depends on scope, company size, and technical setup. Bastion reduces implementation time and overall costs by combining a GRC platform, dedicated security engineer, built-in security tooling, and audit coordination.
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information. It includes people, processes, and technology, organized around risk management. ISO 27001 provides the framework for building and maintaining an ISMS.
ISO 27001 is designed for any organization and focuses on processes and documentation, while SOC 2 is designed for SaaS and cloud services with emphasis on technical controls. ISO 27001 produces a 3-year certificate; SOC 2 produces an annual audit report.
Organizations with international customers, European or Asian B2B clients, government contracts, or highly regulated industries typically need ISO 27001. French enterprises particularly value ISO 27001 for marketing and procurement requirements.
Control A.8.8 (Technical Vulnerability Management) requires identifying and addressing technical vulnerabilities, which can be satisfied through penetration testing or vulnerability scanning. Most auditors and customers expect pen testing for comprehensive assurance, making it a practical requirement.
ISO 27001 follows a 3-year cycle: initial certification in Year 1, surveillance audits in Years 2-3, and full recertification in Year 4. Years 2-3 are lighter (3-5 hours vs. 15 hours of initial effort).
Annex A contains 93 controls across 4 domains: Organizational (37 controls), People (8 controls), Physical (14 controls), and Technological (34 controls). You select applicable controls based on your risk assessment.
Yes, startups often achieve certification faster than larger companies due to less legacy infrastructure and simpler processes. Companies with 5-10 employees regularly achieve ISO 27001 certification.
Ready to get ISO 27001 certified?
Let our experts guide you through ISO 27001 certification. We'll handle the complexity so you can focus on your business.