According to ISO, adoption of the information security standard, ISO 27001, in the US has grown significantly over recent years.
Based on media reports, it’s likely that this is due to an increase in the frequency and severity of data breaches, pressure from stakeholders and local legislation, and the rising costs of information security solutions.
In IT Governance’s ISO 27001 Global Report, over 300 respondents shared their experiences of, and attitudes towards, implementing the standard:
- ISO 27001 directly improves an organization’s information security posture
55% said that the single most important benefit that ISO 27001 brought the organization was improved information security.
- The median length of time for an ISO 27001 certification project is 6-12 months
Project length varies according to the organization’s size and complexity, but responses indicate that the median is 6-12 months.
- Where implementation costs have been tracked, the average cost is less than $26,000
The majority of respondents did not keep track of their total implementation costs. For those who did, the average cost was between $6,500 and $26,000.
- Most companies do not employ a full-time ISMS manager
Only 16% of companies employ a dedicated full-time ISMS manager. In 19% of cases the IT manager is responsible for the ISMS, and in 18% of cases the CISO is.
- Implementers struggle with key areas of ISO 27001 implementation
Obtaining employee buy-in/raising staff awareness was cited as the top challenge when implementing an ISO 27001-compliant ISMS (41%), followed by securing the right level of competence/expertise to implement the project (39%).
- There is a strong need for external assistance and support
54% of respondents use external penetration testing providers, while 51% rely on external consultants to help them implement the ISMS.
- ISO 27001 delivers ROI
52% of companies felt that the cost of achieving ISO 27001 certification was fully justified by the benefits it delivers, while 21% felt it was in line with other management system standard implementations.
Having the tools, resources, and knowledge at your fingertips can significantly reduce the amount of time and money spent on implementing ISO 27001, which is why we’ve designed a comprehensive solution to simplify implementing an ISO 27001-aligned management system.
Containing official ISO 27000 standards, implementation guides, pre-written documentation, and risk assessment software, the No 3 ISO 27001 ISMS Documentation Toolkit provides a complete solution to implementing the Standard.