ISO 27001 – we answer the FAQs you’re asking
ISO 27001:2013 is an internationally recognised Standard that sets the framework for, and maintenance of, an Information Security Management System (ISMS).
If you are considering gaining certification you may be feeling overwhelmed, so take a look at our top 5 FAQs…
1. I have been told that ISO 27001 is an IT Standard, is that correct?
No. Information Technology is only a part of ISO 27001; it also includes physical security and HR security. Behaviour is therefore a key part of the Standard, which is why it has strict requirements on staff training.
2. Why is it called ‘information security’ rather than ‘data security’?
Because information is much bigger: information is absolutely everywhere around us! It’s not only in technical areas and data processing, but in the discussions we have, our email messages and texts, and in our written notes.
3. I’m considering setting up an Information Security Management System, how do I do this?
There are three options available to you: research and do it yourself; attend a training course; hire a consultant; or possibly a combination of all three!
4. Is ISO 27001:2013 similar to ISO 9001:2015 in terms of complexity?
Both Standards use the 10-clause Annex SL structure, but ISO 27001:2013 has an additional Annex that contains 114 controls, so this part of the Standard can appear quite daunting when you look at it for the first time. Within the first 10 clauses, some of the requirements are not in ISO 9001, such as a formal and documented risk assessment and a Statement of Applicability which links to the controls in Annex A.
5. My client has asked me to gain certification in ISO 27001 and I don’t know where to start, is there anyone I can talk to for guidance?
At Batalas we have ISO 27001 experts who are only too willing to help you, regardless of whether you invest in our training. Simply call us on 0333 700 9001.
Want to know more about ISO 27001?
We offer public and in-house courses, with the option to learn online or in a classroom.
Enjoy 10% off ISO 27001 training! Go to www.Batalas.com or click the courses below, then use discount code CST21 at the checkout.