3 Expert Tips to Implement ISO Standards More Efficiently

Written by Ivar van Duuren

April 12, 2024

When you start implementing an ISO standard, you need to think about the things you have to take care of, such as scheduling an internal and an external audit. If you develop software, you may need to do a pen test to check for vulnerabilities. In addition, you need to decide which people you need (internal and external) and what the whole process will cost.

In short, plenty is coming your way. To support you in this thought process, we give you some tips on how to efficiently get your ISO certification.

1. Implement multiple ISO standards at the same time

A question we often get is whether it is advisable to implement multiple standards at the same time. For example, ISO 27001 (information security) and ISO 9001 (quality). Indeed, this is something you can do fairly easily.

After all, certain requirements are common to multiple standards. It helps if you have software that lets you simply activate such an additional standard and de-duplicate the overlap between standards, so that requirements you have already met automatically apply to the other standard as well.

For example, many of our customers are dealing with the new European NIS2 legislation coming into effect on October 17, 2024. Because of this law, far more organizations have to take mandatory measures when it comes to information security.

It is not yet entirely clear what this law will specifically prescribe. However, we do see many organizations using this legislation as an opportunity to also implement the ISO 27001 standard. Because if you have implemented ISO 27001, you are 90% compliant with the NIS2 legislation as well.

Is NIS2 relevant to your organization?

The NIS2 legislation is intended for a specific set of industries and types of organizations. A list of these organizations has been compiled, and there is also a list of essential organizations from which even more is required.

Another important aspect of the NIS2 legislation is the supply chain. All organizations identified as ‘important or essential’ that must comply with the NIS2 legislation must also have suppliers that comply with the law.

In this way, NIS2 becomes relevant to a much larger number of organizations than just those identified as essential. So NIS2 impacts the entire supply chain.

2. Implement an ISO standard simultaneously with other organizations

Another way to work more efficiently when implementing an ISO standard is to do it together with (an) other organization(s). More and more organizations are choosing to go through a certification process in groups.

We offer such a group track through ISO Express, a collaborative in which we work with several partners such as Instant 27001, PuraSec, and ESET.

This way, organizations have everything they need at hand: advice, ISMS supporting software, templates, and sample documents. An added benefit is that you can spar with security specialists from other organizations in the same situation. By exchanging experiences, you learn from each other and don’t have to reinvent the wheel alone.

3. Involve employees before, during, and after the ISO process

Many of our customers find it difficult to involve employees in an ISO project. It is often a project that runs alongside normal activities and one has to set aside extra time for it.

Nevertheless, it is essential for an efficient implementation to keep employees involved before, during, and especially long after the process, so that they are aware of everything that needs to be done and can properly carry out their part in the improvements.

Deploying software that promotes cooperation

For example, with good software, you can make it possible for people to keep an overview of their tasks in a place where they are already working. For example, by scheduling tasks in an MS Outlook calendar. Or making documentation such as a code of conduct available through MS Teams. This is what ISOPlanner facilitates.

Otherwise, the people who are involved and those who are not become two separate groups. You have to include the entire organization in the process and keep drawing everyone’s attention to their role and what it means for them.

This applies not only in the period up to certification but especially afterward. You must then have the resources to do that practically and efficiently, so you can keep track of all the measures you need to implement and maintain the standard.

More tips about ISO certification?

Feel free to contact us. We would love to talk to you!
