Commercial benefits of ISO27001 for your organisation

News and information from the Advent IM team.

  • by Olivia Lawlor-Blackburn
  • General

One of the toughest parts of implementing ISO/IEC 27001 is getting your senior management to buy into the benefits. If you have ever tried to convince your management to fund the implementation of information security, you probably know how it feels – they will ask you how much it costs, and if it sounds too expensive they will probably say no.

So to build a good business case you need to do your homework before proposing the investment in ISO/IEC 27001 – think carefully about how to present the benefits, using language the management will understand and will endorse.

To help you we have put together some pointers. The benefits of information security, especially the implementation of ISO/IEC 27001:2013, are numerous, but then that’s easy for us to say as we see those benefits in practice within companies like yours every day. Experience has taught us that the following four are often the most important:

Reduce security incident costs
Implementing an Information Security Management System (ISMS) compliant with ISO27001 helps reduce the potential cost of interrupted business due to security incidents such as: fraud, business downtime, legal costs, and fines from regulatory bodies for non-compliance. This also helps organisations avoid the costs of replacing stolen or damaged equipment and compensation payments for unachieved contractual obligations.

Improve regulatory compliance
An ISO27001 ISMS will improve the organisation's legal and regulatory compliance position regarding various acts such as the Data Protection Act, the Computer Misuse Act and the Freedom of Information Act, thereby enabling the Directors to avoid hefty fines for non-compliance. In local government terms, it also means the organisation meets the required standards for Information Security Governance.

Minimise damage to the business
ISO27001 requires Business Continuity Management (BCM) to be considered, planned and tested, minimising business damage from security incidents; this is also a requirement under the Civil Contingencies Act. The BCM can be one programme that supports BS ISO/IEC 27001 and ITIL Incident Response, using the BS 25999 standard framework.

Reduce unacceptable usage
A compliant organisation reduces people-related risks and raises information security awareness across the organisation. Employees become more security conscious, which helps prevent unacceptable use by or through staff, contractors, partners and former employees. A compliant ISMS helps senior management enforce appropriate processes and policies that ensure best-practice business activities and prevent unauthorised access, fraud and identity theft.

Other benefits include:

  • Reduced technology-related risks, with safeguards against established attacks.
  • Help in identifying and reducing poor configuration without a full risk analysis, and a reduced risk of sabotage of data or systems by malicious software.
  • A method for working towards continual improvement in information security.
  • Indicators of where the business may be at risk through loss of resources, staff, or supplier relationships.

Visit our ISO27001 Homepage for more information on the support we can give you.

To discuss your requirements in more detail please contact us at 0121 559 6699 or contact

Watch our YouTube video on the benefits to your organisation when certifying to ISO27001

Watch our YouTube video on the changes that came into place in 2022 for ISO27001
