FAQs about Compliance

P.S. We know you have a lot, because who really understands compliance? Here are some of the most asked questions, answered for you!

The time it takes to implement ISO 27001 varies depending on several factors, such as the size and complexity of the organization, the level of existing information security controls, and the resources dedicated to the implementation. On average, it takes around 6 to 12 months to implement ISO 27001. But hey, we have good news to share with you! If you are in a rush, you can be ready to get certified in 3 months with our Compliance Guide, or in 3 months with our Accelerator Plan.

The cost of ISO 27001 certification also varies depending on several factors, such as the size and complexity of the organization, the level of existing information security controls, and the certification body chosen. On average, the cost ranges from 5.000 to 50.000, with the main cost drivers being consulting fees, certification body fees, and internal resource costs. That said, the average cost for small and medium-sized companies is between 10.000€ and 15.000€.

Compliance is essential for any business – it’s not just a way to demonstrate responsibility to customers and other stakeholders, but also a key factor in ensuring sustainability and profitability. A robust compliance program instills trust and helps to differentiate your business from the competition, making it easier to attract customers, investors, and employees. Compliance is a powerful tool for protecting your business and all of us! 

Non-compliance with regulations and standards can have serious consequences for any organisation, including heavy financial penalties and reputational damage. Such risks should not be ignored or taken lightly; even a seemingly minor infraction can result in costly fines and other sanctions, including possible litigation. It is essential to ensure that all staff are aware of and adhere to any applicable regulations and standards, and that any violations are dealt with swiftly and appropriately. 

An internal audit is a process that helps businesses assess their compliance with laws, regulations and standards. It also helps them identify any areas of weakness or risk that could lead to non-compliance. The internal audit should usually be performed by someone other than the compliance officer assigned to the company. In other words, the internal audit is done independently and objectively, which ensures that someone looks at all of the documentation and controls with a fresh eye.

ISO 27001 requires businesses to create the following mandatory documents: a policy statement, risk assessment, internal audit program, and corrective action plan.  

In order to maintain your ISO 27001 certification, you must undergo a three-year audit cycle. Your ISO 27001 certification body will be keeping a close eye on your information security management system or ISMS. 

One of the most important benefits of ISO 27001 certification is the reduced risk of security breaches. With ISO 27001 certification, potential damages are mitigated, security breaches are less likely, and potential intrusions are tracked down and eliminated at an early stage.

Yes, because an audit also helps you to verify that your ISMS is functioning as it should. 

You can protect your data by adopting best practices such as implementing strong security measures, conducting regular security audits, and adhering to regulations such as the GDPR. 

Since the introduction of the General Data Protection Regulation (GDPR) to the EU in 2018, the number of fines imposed for GDPR breaches has increased significantly. In 2020, the number of fines imposed rose by 39% from the previous year, resulting in a total amount of fines reaching 158 million euros. This increase in fines demonstrates the importance of GDPR compliance, as the potential cost of breaching the regulation is now high.