More information about the Underscore mailing list

[_] ISO 27001

Steve Exley steve.exley at
Tue Aug 13 20:43:14 BST 2013

iso27001 is very much suitable for small as well as large organisations.
The standards mandate processes for compliance, but the scope and
individual implementation is down to the company, usually it's much easier
for small companies to achieve as the scope is smaller.

There's a new version in the pipeline 'due' later this year.  In terms of
costs, I'm pretty sure I recently saw a flyer from this organisation
offering fixed price consultancy and certification to companies of less
than 20 employees for £10k.  I've not used them so it's not a

A previously noted on _, 10k is a drop in the hat for the odd government

Better still if you're international.

On 13 August 2013 14:02, Dan Fairs <dan.fairs at> wrote:

> > Like many of the standards it includes a 'scope' and you can choose what
> exactly you want in the 'scope'. e.g. for Netsight we could include the
> office, datacentre or both in the scope. But the certification would just
> cover what is in scope.
> >
> > I've been chatting for a number of months with a very helpful chap:
> >
> > Jason Parker-Smith <jps at>
> > Tel:- 01273 25 28 27
> > Tel:- 07813 818176
> >
> >
> > It is something that keeps falling to the bottom of the priority pile at
> the moment, but we intend to give him another call soon. If you chat to him
> let him know we passed you on to him. He certainly seems clued up and
> willing to chat about what is involved.
> Thanks Matt - we're checking with the client that it is in fact a
> requirement, and if so, I'll give Jason a call and let him know you passed
> us on.
> Cheers,
> Dan
> --
> Dan Fairs | dan.fairs at | @danfairs |
> --
> underscore_ list info/archive ->