This series of blogs has focused on introducing and explaining the ISO27001 accreditation in more detail.
In this final post of the series, we shall explain how an organisation can attempt to be as compliant as possible with the ISO27001 standard, even without receiving this accreditation.
Without pursuing ISO27001 accreditation myself, how may I ensure that my organisation is as compliant as possible with the ISO27001 standard?
The best way to ensure that your organisation is compliant with the ISO27001 regulations is to begin by making sure that as many of your information assets as possible are managed by an ISO27001-accredited hosting provider.
By using specific security-related services in this way, you will not yourself be accredited by association, but you are much more likely to be acting in accordance with the correct regulations.
Finally, you can ensure that your organisation adopts an information security policy that has been approved by an ISO27001-accredited provider. This can then be the strong foundation which may be the source of further direction, policy and procedure in relation to your own and your clients’ information assets.