Information Security company publish steps to ISO/IEC 27001 certification

In regards to information security within an organisation, whether it is the CEO, the owner or Information Security Officer the responsible figurehead should obtain a copy of the standard ISO/IEC 27002 code of practice and read it Svana Helen Bjornsdottir advises. It is a management standard that is essentially an overview of the best practices to ensure integrity and confidentiality of business data.

Svana Helen Bjornsdottir, CEO of Stiki, is an ISO/IEC 27001 Certified Lead Auditor, Consultant and Trainer has many years of experience helping companies implement management systems. Bjornsdottir has recently published guidelines for small companies on how to achieve ISO/IEC 27001 certification.

For information security within any business or organisation, it is important to understand risk management standards and procedures. Compliance with the ISO/IEC 27001 code of practice is essential to the safety and availability of a company’s business data.

“Risk Assessment is only one part of three steps required for a full implementation of ISO/IEC 27001. The other two are Business Continuity planning and development of an Organisational Manual such as procedures, processes and policies” Bjornsdottir said

Due to this the guidelines have been published in 3 steps with each focusing individually on these main concerning areas; Risk Management, Business Continuity Management and Workflows, Processes and Policies.

To read the step-by-step guidelines to ISO/IEC 27001 certification and for more general information about Stiki visit