ISO/IEC 27001 is a globally recognised Information Security standard. The latest version ISO/IEC 27001:2005 details the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS).

The aim of implementing an ISMS is to help you make the information assets you hold more secure, thus reducing the risk of a data breach. This in turn demonstrates good security practices and will enhance your organisation’s reputation.

Autodata provides a full end-to-end consultancy solution for the implementation of an ISMS and can prepare you for your external audit which is required before being ISO/IEC 27001 Certified.

Below outlines the process of obtaining ISO/IEC 27001:

Gap Analysis

A gap analysis provides a high-level overview of what needs to be done to achieve certification and enables you to assess and compare your organisation’s existing information security arrangements against the ISO 27001requirements.


Once you have undertaken a gap analysis and defined the scope for your ISMS, Autodata can provide expert consultancy to help implement the ISMS system. Once the implementation framework has been completed, you will be ready for an internal audit to verify your system. This process will also highlight any areas that may need to be addressed prior to an external audit.

Internal Audit

Following the implementation of your ISMS, an Internal Audit is designed to identify any outstanding areas that need be addressed prior to an external audit by an approved certification body. This is a critical part of the process to ensure you do not fail the external audit.

External Audit

The External Audit is a two-phase process conducted by an approved certification body; Stage 1 assesses that your ISMS meets the required controls and is appropriate to your organisation. Stage 2 takes place once the ISMS has been implemented for a minimum of three months and carries out a detailed review of the systems that are in place. If any non-conformities or opportunities for improvement are identified by the auditor, Autodata can assist with remediation, enabling your ISMS to become certified.

Helping you deal with ISO 27001

Call us on 020 7749 7949