ISO 27001 implementation – ISO 27001 internal audit

The ISO 27001 standard

ISO/IEC 27001 is a risk-based information security standard that defines requirements for organisations. The latest version of the standard was published in 2022 and is available in Hungarian as the MSZ ISO/IEC 27001:2023 standard. Although ISO 27001 is not mandatory, it is applicable to all organisations, regardless of their size or industry.

What are the benefits of getting the ISO 27001 certification?

Benefits of obtaining the ISO 27001 certification:

• Credibility: ISO 27001 certifies that the organisation meets the information security requirements of the industry.
• Competitive advantage: The ISO 27001 certificate can increase the competitiveness of the company in the market.
• Risk mitigation: The ISO 27001 management system helps to reduce information security risks.
• Customer confidence: Customers and partners have more confidence in working with organisations that have ISO 27001 certification.

Who may be required to obtain the ISO 27001 certificate?

ISO 27001 certificate may be required for:

• All sizes of companies.
• Organisations that process sensitive data (e.g. (e.g. customer data, financial information, etc.).
• Companies in international business relations.
• Those whose parent company or supplier requires ISO 20001 certification.

RSM’s ISO 27001 services

During RSM’s ISO27001 related services our ISO 27001 experienced specialists support your preparation to comply with the requirements of the standard.

Our specialists are Certified ISO27001:2022 Lead Auditors and are familiar with certification organisations.

RSM’s ISO27001 services include the following activities:

• Implementation: During the implementation of ISO 27001, we help the organisation to develop an appropriate management system.
• Advisory: We support the implementation and optimisation of a management system in accordance with ISO 27001.
• Internal audit: We check the effectiveness and adequacy of the management system during the mandatory independent internal audit required by ISO 27001 standard.

Main milestones if the ISO 27001 implementation process:

1. Preliminary assessment: The first step is to assess the current state of the organisation. We identify the information security risks the organisation faces and what resources are needed to prepare for compliance with ISO 27001.
2. Management commitment: Management support is essential. Management must commit to the implementation of the management system ISO 27001.
3. Development of a project plan: We prepare a detailed project plan that includes the steps, timelines and people responsible for implementing ISO 27001.
4. Developing an information security policy: We define the information security policy, which forms the basis for the development of the management system.
5. Risk assessment and management: During the risk assessment in accordance with ISO 27001, we identify risks, assess their level and develop an appropriate risk management action plan.
6. Development of policies and procedures: We prepare policies and procedures for information security practices.
7. Training and awareness-raising of employees: We provide training for employees regarding the ISO 27001 management system and information security.
8. Internal audit and review: The organisation must carry out an independent internal audit to verify the effectiveness of the management system and then correct the deficiencies identified prior to certification audit.
9. Certification audit: The final step is to obtain the ISO 27001 certificate.

Renewal of the previous ISO 27001 certification

In case an organisation already has the ISO 27001 certificate and it was obtained according to the previous 2013 version, and would like to continue to have an ISO 27001 certificate, it must meet the requirements of the new ISO 27001:2023 standard.

It is important to note that these companies must upgrade to the new ISO 27001 by October 2025.

For this, we recommend RSM's ISO 27001 GAP analysis service, which identifies areas where the organisation needs to improve. During the renewal process, we can help organizations to correct the identified differences.