ISO certifications are known across the world as a way of demonstrating best practice in a number of disciplines, the 27001 is for Information Security.
Though ISO 27001 for a small business may be overly formal, costly and complex, so what are the alternatives if you know you need to take your information security seriously and demonstrate this to your clients?
The Governments Cyber Essentials Accreditation is the perfect starting point for a small business that doesn’t know where to start. It’s 5 areas of compliance cover:
* Boundary firewalls and internet gateways
* Secure configuration
* Access control
* Malware protection
* Patch management
Don’t get me wrong, Cyber Essentials is a world apart from ISO 27001 accreditation, but as a starting point it’s great. It’s not overwhelming or particularly complex, although if you have no IT expertise to call on you will need a little help.
As a Self-Certification this can start from as little as £300, but you can have an independently audited version, Cyber Essentials Plus, which holds more weight as a certification and is a necessary requirement for some Government and Local Authority work.
To continue reading, please click here
