Day 1: Cyber Essentials - The starting block
Cyber Essentials forms the baseline of any information security program. If you can reduce 80%+ of the risk with just 5 control areas, that's where you should focus your initial efforts.
Using our platform, Cyber Essentials certification can usually be achieved in a day or two, and we'll certify you in 24 hours. Now that's a quick win!
Month 1: IASME Governance - The stepping stone
IASME Governance with GDPR readiness is your next step. This takes a bit more implementation work, which we detail here: GDPR certification.
IASME Governance can be considered an SMB-friendly ISO 27001. It doesn't require an exhaustive audit, months of preparation or reams of documentation to achieve.
The control areas map directly over, so you've already got the measures in place ready for ISO. You can confidently say you've got controls implemented, are certified to a recognised standard and are working towards ISO 27001.
Year 1: ISO 27001 - The end game
Here is where the burden of proof increases. An auditor will want to see evidence of controls being in place, continuous improvement and internal audit records.
Although we don't automate this yet, we're able to provide you with the documents and guidance to get you started, including recommending a certification body.
If you're interested in seeing us support this natively, let us know!