
ISO/IEC 27001: Information Security Management System (ISMS) Certification
Get certified and trained by the experts at LRQA
Protect your information
For any organization – regardless of size or sector – ISO/IEC 27001 provides a strong foundation for a comprehensive information and cyber security strategy. The standard outlines a best practice ISMS framework to mitigate risks and safeguard business-critical data through identification, analysis and actionable controls. Accredited ISO 27001 certification demonstrates that you have the processes and controls in place to defend your organization’s information – and that of your customers – against an increasingly complex threat landscape. Check out the Frequently Asked Questions about the standard and our offerings.
ISO/IEC 27001:2022 has now been published
On 25 October 2022, the new version of ISO 27001 was published – marking a new era of information security best practice.
Our ISO/IEC 27001 services
Our auditors are well-versed in assessing against ISO 27001, helping you to ensure that your information security systems align with the latest requirements and guidelines. We go beyond providing certification services with our industry-leading training programs which have been designed to upskill your team.
Training
Build your knowledge of ISO 27001 with a range of courses designed for different experience levels.
Gap Analysis
An optional service where one of our expert auditors will help you identify any critical, high-risk, or weak areas of your system prior to your formal ISO 27001 audit.
Accredited Certification
An independent two-stage process that provides a clear statement of your capabilities – helping you win new business and build trust with stakeholders.
Integrated audits
If you’ve implemented multiple management systems, you could benefit from an integrated audit and surveillance program which is more efficient and cost-effective.
A 360° approach to information and cyber security
Our deep technical insight and expertise, supported by our extensive cyber security portfolio, enables us to work collaboratively with your business – helping you identify the specific threats you face before providing solutions to mitigate them. We can certify your systems, identify vulnerabilities, and help prevent attacks and incidents that could impact your brand integrity, finances and operations.

Our gap analysis services
ISO/IEC 27001:2022 Management Workshop
Designed for management, decision makers and risk owners, this one-day workshop converts the ISO 27001 standard into specific, measurable, achievable, relevant, and time-bound (SMART) activities and objectives which can be incorporated into a project or business-as-usual activities.
Upon completion, you will receive an ISMS scope of certification which can then be used as part of clause 4 of the standard, and onwards, within your management review and other related processes.
The workshop includes ideas for engaging the rest of your organisation as well as demonstrating how any work you may be doing for other security or compliance regimes (such as PCI DSS) can be incorporated into your ISO/IEC 27001:2022 ISMS.
Information Security Management System (ISMS) review
This review is centred around the standard’s core requirements and is designed for top management, decision-makers and risk owners. It will determine your organisation’s compliance with clauses 4 to 10 in ISO/IEC 27001:2022 and provide you with a tailored roadmap, specific to your business’s objectives, to achieve full compliance.
Security Control Review
Our experts will use a combination of substantive and compliance methods to assess your security controls against the ISO/IEC 27001 Annex A Controls, with the help of ISO/IEC 27002:2017. This review will look across your entire organisation and provide you with an indication of your security posture and risk levels as well as providing you with the ability to create SMART activities/objectives to address those risks. Other key outputs include a Statement of Applicability (for clause 6) and the creation of an implementation roadmap.
Our implementation support services
Risk Management
Risk management is at the heart of ISO/IEC 27001. Working with you, we create a risk management system that incorporates the requirements of the standard and is tailored to your organisation. The risk management system will be incorporated into your ISMS and will underpin a risk assessment process (including information security risk assessment and risk treatment) which is required for certification alongside your Statement of Applicability.
Third-party Risk Service
Third-party risk management is crucial for safeguarding your data and meeting the ISO 27001 standard. Our experts will work with you to determine your third parties’ risk levels and design an assessment process to manage these. We can also support you by completing risk assessments on your behalf and reporting any risks to a risk owner, within your organisation, with suggested remediation activities.
Internal Audit Service
Internal auditing serves as a cornerstone for maintaining the integrity and effectiveness of your information security management system. By conducting regular internal audits, you not only identify areas for improvement but also ensure alignment with ISO 27001 standards and regulatory requirements.
Our team can seamlessly step in to perform thorough internal audits on your behalf, ensuring compliance with clause 9.2 of ISO 27001 and fostering a culture of continuous improvement. With our assistance, you can confidently navigate the audit process, identify improvement opportunities and maintain your commitment to information security excellence. As your familiarity with the standard and processes improves, you may choose to bring this in-house or retain LRQA to deliver this core element of the standard on your behalf.
Our ongoing support services
Integration Workshop
We know that maintaining multiple, competitive and viable certifications can be complex and challenging, especially during change. Our experts deliver proactive, actionable guidance that ensures governance and compliance become a strategic asset rather than a daunting task.
As part of our integration workshop, we will review each of the compliance regimes you operate and identify how each can benefit the other, whether through rationalisation of documentation or increased cross-assurance activities. We will then produce a set of recommendations on how you can align the different management systems and compliance regimes across your organisation in a practical way to result in stronger assurances, greater repurposing of your management systems and/or lower effort to manage.
Certification Support and Chaperone
We know that business change is constant, whether it be changes to your workforce, changes in strategic direction or changes to your structure. On top of this, the rapidly evolving regulatory landscape means that maintaining your certification can feel confusing and difficult. We dedicate ourselves to understanding global regulatory requirements across all sectors and markets, providing tailored strategies to help you achieve compliance with them.
Our certification support and chaperone service is tailored entirely to your needs and may include chairing your management reviews or helping review your risk management program. Whatever you need, we help ensure that your business and supply chain remain compliant without sacrificing growth.
Policy and Documentation Support
In a rapidly changing landscape where technology connects businesses across various locations and where data collection, monitoring and analysis have transformative potential, businesses must ensure that their policies align with evolving legislation. Breaching legislation can have significant costs, with large fines for violations and potential reputational damage.
We know that creating and monitoring all your policies is a time-consuming task. Many organisations don’t have the internal experience or knowledge to produce or maintain policies and many struggle to answer policy queries. LRQA can help.
Whether onsite or remote, our experts create a template for your policy documentation and work with you to produce the policy documents for your final review and approval. Where these documents already exist, we can complete periodic reviews at your chosen interval so that you can be sure your business remains compliant, freeing you to focus on driving your organisation forward, securely and safely.
Why work with us?
Global capability
Operating in over 55 countries, with more than 250 dedicated cyber security specialists and over 300 highly qualified information security auditors across the world, we can provide a local service with a globally consistent dedication to excellence.
Flexible delivery
In most cases, our ISO 27001 training and certification services can be delivered on-site or remotely using safe and secure technology. If you opt for our remote delivery methods, you’ll receive the same high-quality service with several added benefits, including flexibility, fast delivery and access to global expertise.
History of firsts
We were the first to receive UKAS accreditation to deliver certification services for a range of standards across the globe. We continue to be instrumental in developing a variety of specific standards and frameworks across different sectors.
Specialist expertise
Our cyber security experts hold multiple vendor certifications and accreditations as well as highly respected industry accreditations from CREST, the PCI SSC, ISC2, BCI, Chartered Institute of IT, and NCSC CHECK.
Are you already certified to ISO 27001 and would like to transfer?
If you hold a valid accredited certificate of approval with another provider and you are considering making the move, transferring your ISO 27001 certification to LRQA is simple. We'll work with you to ensure your transfer is as smooth as possible.
Check out other related certifications
From management systems certification and training, to governance, risk and compliance, we offer 360° services