top of page

ISO 27001:2013

Information Security

ISO 27001:2013 is a framework for an Information Security Management System (ISMS) to manage your organisation’s sensitive information to make sure that it stays secure. This involves identifying and managing the risks around your people, processes, and IT systems.

ISO 27001 certification shows that you operate to this international best practice for information security management.

Generally speaking, most organisations and businesses will have some form of controls in place to manage information security. These controls are necessary as, in recent times, information has become one of the most valuable assets that a business owns.

ISO27001 requirements are about how well these controls are organised and monitored. Many organisations introduce security controls haphazardly: some are introduced to provide specific solutions for specific problems, whilst others are often introduced simply as a matter of convention.

Such a random security policy will only address certain aspects of IT or data security, and can leave valuable non-IT information assets like paperwork and proprietary knowledge less protected and vulnerable. The ISO 27001 standard was introduced to address these issues.

How to get ISO 27001:2013 Information Security certification


An ISO 27001 Information Security Management System gives you a world-class framework to operate within, and we will help you to achieve ISO 27001 requirements in an innovative way by showing you how to examine what you already do as an organisation and fitting this around the standard, rather than making you change established ways of working to fit in with a set view of the standard.

We will show you that the ISO 27001 compliance process can be quite straightforward by:

  • reviewing the arrangements you have and identify what else you need to achieve ISO information security certification;

  • formulate a plan to address any gaps between what you have and what you need;

  • help you to develop any policies, procedures and processes required in support of your information security management system;

  • show you how to identify and evaluate the aspects of your business that can impact on information security;

  • show you how to conduct internal audits of your organisation.


There are a whole host of benefits to putting in an ISO 27001 management system, such as:

  • Demonstrating credibility when tendering for contracts

  • Showing you are taking cyber security threats seriously

  • Avoiding penalties and financial losses due to data breaches

  • Removing the need to complete detailed security questionnaires on supply chains

  • Giving yourself a proven marketing edge against your competitors

  • Meeting increasing client demands for greater data security

  • Protecting and enhance your reputation

  • How long does it take to get certification?
    We will put you in touch with one of our ISO experts who have extensive experience implementing business management systems, and will provide you with the relevant support for implementation of ISO requirements. They will help you to implement the different tools needed to comply with your chosen standard(s). When your systems are ready to be audited (i.e. they all comply with the requirements of the standard or standards you are implementing) AAA will undertake an audit to award you certification which is accredited through the ASCB, one of the leading international accreditation bodies in the world.
  • Why should I get certification from AAA?
    The fact is that any company can audit you and give you a piece of paper saying that you are ISO compliant (to whichever standard) but frankly this does not mean very much. For credibility, you should find an accredited Certification Body. This is where AAA comes in, and this means that we, in turn, have been audited by the Accreditation Service for Certifying Bodies, or ASCB. This will ensure that you get ASCB accredited certification.
  • How much will it cost?
    In reality, the actual price depends on the size, complexity and risk exposure of your company and, of course, which standards you are looking to achieve. After getting this information, our audit costs are calculated on a 'whole of job' basis. This means that you pay one price - our quotation - and no other additional costs, such as day rates, auditor travel and accommodation expenses, administration fees, etc. It's also important to take into account something called the certification cycle (see the following tab for this in more detail). But to get your initial certification, as well as the size and complexity of your organisation, there is the consideration of how many standards you are asking us to audit. One standard could be as few as two days, and then would increase to three days for two standards, then four days for three standards, etc. Just get in touch for a no-obligation quote.
  • What is the Certification Cycle?
    It's important to recognise ISO certification is not a single event, but rather an ongoing process that ensures your business complies with the requirements of its chosen standard. The certification cycle is a three-year programme which starts with the Stage One audit. We investigate whether or not you have successfully managed to comply with the proposed scope and the targets you have set for your company. While this may show up some weaknesses and areas for improvement, this process is designed to be constructive, preparing you for the Stage Two audit. Typically around 30 days later you will then have a Stage Two audit. This confirms that your processes and systems are free from nonconformities. Again, we will evaluate your performance and efficiency and make the recommendations for certification. There may still be a need to address nonconformities following this audit, but it's at this point you get your ISO certification. The following two years will see annual Surveillance Audits by us. During these, all the elements covered in the Stage Two audit are re-assessed with a view to ensuring that all the original systems and processes are operating as specified and producing the correct outcomes. Following these two years of Surveillance Audits, you will then get a Recertification Audit. Your ISO certificate is valid for three years after its initial issue. Recertification requires you to undergo an audit similar to the initial auditing process without the need for a Stage One audit.
  • Why should you use AAA?
    We pride ourselves on giving you the following: A simple yet highly effective management system to implement, which will add genuine improvement to the way you operate A cost-effective solution to certification - we use easy-to-understand, upfront and highly competitive pricing Our ongoing audits are centred around improving your business, not simply telling you what you already know about your organisation We are here help and advise, and to show what is necessary to ensure that your systems will reach the required level for certification, showing you how to meet the various requirements. You can also spread the cost by choosing to pay in simple monthly or quarterly instalments which we can set up to suit you - there's no interest charges, it's simply a recognition of the fact that some businesses may struggle with cashflow, so we're making it as easy as possible in order to lighten your load.

Maureen Makanza,

Managing Director,

Hive Occupational Health

Working with AAA has been fantastic. They are tremendously positive and focussed on getting us certified

IMG_7837 gary.jpg

Gary Durham,
Quality Manager,
TR Fabrications Ltd

They fully understood the workings of our company so that we had a system which truly fitted us

Screenshot 2021-11-15 at 13.12.04.png

Paul Gerrard O'Donohoe,
Managing Director,

They approached the certification process form a standpoint of real-world business benefits

bottom of page