The Winding Road From ISO 9001 To ISO 27001 Certification

April 10, 2012

Last Updated on January 13, 2024

A potential client asked us if being ISO 9001 certified helped companies achieve ISO 27001 certification.
In order to give the best answer possible, we decided to ask for feedback from a client we helped achieve 27001 certification that happens to be 9001 certified already.
In the response, you will see that having 9001 certification can put a company on the right path, with a head start, towards 27001 – but the road is winding with bumps along the way.
The client offered the following feedback to share with the new company and with our blog readers:

“I’d say it helped us significantly, because some of the requirements are the same in both systems, such as these:

Documentation Requirements (Control of Documents, Control of Records)

Management Responsibility (Management Commitment, Resource Management, Provision of Resources, Training, Awareness and Competence)

Internal Audits

Management Review

Improvement (Continual Improvement, Corrective Action, Preventive Action)

With all of these we were very familiar, in principal, and they just needed minor adjustments to address specific ISO 27001 requirements.
However, the danger is that so much apparent overlap might lead you to believe that you’re mostly done already with 27001, which is NOT true (and we found that out the hard way by still having major shortcomings in our Stage 1 – ISO 27001 audit). Most of the work to get 27001 is actually “hidden” in clauses

4.1 (General Requirements)

4.2 (Establishing and Managing the ISMS)

Appendix A (Control Objectives and Controls)

It took us a very long time to get a handle on these, because there is a lot of detail required, and a lot of technology to back it up.
In short, having 9001 in place is very helpful, as long as you understand that the core of the work for 27001, the actual risk management and technology piece, has nothing to do with 9001.”

As you can see, our client believes that having ISO 9001 certification helped them in the winding road to ISO 27001 certification. However, the trip had its bumps along the way. With our expertise and help – and their dedication to becoming 27001 certified, the project was a success and they crossed the finish line.

What's Next?

To hear this practical, best-practice oriented show with Temi Adebambo

Click Here

Pivot Point is now part of CBIZ. Click Here for more information.

Blog

The Winding Road From ISO 9001 To ISO 27001 Certification

What's Next?

What do you think? Is Digital Business Risk Management the Future of Attack Surface Management?

Search our Blogs

How Much Does ISO 27001 Certification Cost in 2024?

What is Distributed Ledger Technology (DLT) and How Can It Simplify Privacy Compliance?

Virtual CISOs and Community Banks—Perfect Together

What is Hedera Hashgraph and How Does It Solve Blockchain Privacy Issues?

Data Privacy Compliance in Higher Ed: Now is the Time

What is a TISAX Simplified Group Assessment and Who Can Use It?

CMMC Proposed Rule Changes: What’s Changing and How to Prepare

What is Kubescape and Why Should We (as Cloud-Native Developers) Care?

Container and Kubernetes Security: A Nontechnical Introduction

What is a Container and Why are They So Popular with Developers?

What is the New Jersey Data Privacy Law, and How Can We Streamline Compliance?

The EU AI Act: 9 Top Questions Answered

SOC 2 Reports – Which Trust Services Criteria Do You Need?

6 Key Takeaways from the 2023 SOC Benchmark Study

CMMC Proposed Rule: New Guidance on CMMC Level 3

The New CMMC Proposed Rule—Answers to Your Top 9 Questions

ISO 27001 Accreditation: Why It Matters for Cloud Service Providers

How to Measure the Value of Information Security

2 Principles to Revolutionize Security Awareness Training

What is Cyversity and How Can It Improve Diversity on My Cybersecurity Team?

How can we help you?

Services

Compliance

Insights

Pivot Point Security