Frequently asked questions
FAQs about ISO 27001
We’ve collated some common questions about ISO 27001. If you’d like to know anything not addressed here, please get in touch.
ISO 27001 basics
ISO 27001 is the international standard for information security management systems (ISMS). It provides a structured framework for managing sensitive data and reducing information security risks. ISMS.online helps you achieve ISO 27001 certification faster with our pre-configured platform and built-in best practices.
Yes. ISO does not allow redistribution of the standard. You must purchase it from:
Or BSI Shop if you’re in the UK.
You’ll want ISO/IEC 27001:2022 (current version).
ISO 27001 certification is optional—but often expected by customers and regulators. If you’re handling sensitive data, certification offers a competitive advantage and proof of best practice.
Timelines vary based on your organization’s size and maturity. With ISMS.online, organizations often reach certification readiness in 3–6 months using our Assured Results Method (ARM) and pre-configured content.
Use a pre-configured ISMS like ours. Our Assured Results Method (ARM) and Virtual Coach streamline the work. SMBs often certify in under 90 days.
Implementation
Typical costs range from £5K–£20K+, depending on your company size, readiness, and whether you use internal resources, a consultant, or a managed service provider.
With ISMS.online’s pre-configured platform, you significantly reduce consultancy and implementation time, keeping total cost and effort low.
We don’t deliver consultancy directly, but we do partner with certified ISO 27001 consultants and MSPs. They can implement the ISMS for you using our platform. You can choose full-service, co-managed, or DIY with our built-in guidance.
No. You only need to implement the ones relevant to your risks—but you do have to justify every inclusion/exclusion in your Statement of Applicability. ISMS.online automates that.
Yes. ISMS.online includes all Clauses 4–10 and all 93 Annex A controls (2022 version) in a structured, linked format—ready for use on day one.
You get:
- Policy templates aligned to every clause and control
- Pre-written controls (mapped to 2022 Annex A)
- Risk register, asset inventory, management review structure
- Statement of Applicability generator
- Templates for internal audit, corrective actions, incidents, and more
All are editable, version-controlled, and audit-ready.
Yes—but you’ll need to map them back to your ISMS and controls. ISMS.online centralizes this with built-in modules for risk and incident tracking, versioning, and audit trails to save time and reduce fragmentation.
Audits & Certification
Yes. You can run internal audits, track findings, assign corrective actions, and prepare management reviews—all inside the system. No juggling files.
Yes. Our platform is recommended by auditors globally and built to meet ISO 27001’s structure, audit requirements, and evidence trails out of the box.
You’ll receive a nonconformity report. You can fix the issues and still certify later. ISMS.online helps you track and resolve audit findings with corrective actions built in.
Costs vary by auditor and readiness.
Typical ranges:
- SMB: £3K–£10K (audit) + internal resourcing
- With ISMS.online: Less resourcing + faster implementation
We also offer partner-led R-MSP services to spread cost and reduce effort.
Certification isn’t the end—it’s the beginning of continual improvement. You’ll need to conduct regular audits, reviews, and control updates. ISMS.online makes maintenance easy with review schedules, notifications, and dashboards.
Support & Consultancy
No—but we work with dozens of consultants if you want hands-on help. Our platform is built for self-starters and service-led approaches (R-MSP ready).
With ISMS.online you can:
- Add consultancy via one of our trusted partners
- Use our Virtual Coach for step-by-step guidance
- Access implementation roadmaps and best-practice packs (ARM, ISO 27001 toolkit)

People + Process + Platform
Ready to be compliance confident?
Software alone can’t fix all your information security problems. It takes a combination of experience, processes, and the right software to get it right. IO includes the people, process, and platform you need to feel compliance confident.