A multitude of factors contribute to obtaining the ISO certification: the size of your team, the complexity of your IT infrastructure and the time that you are willing to put into it. A call with one of our Lean Compleye Designers can help you identify a realistic timeline.
Simply put, corporate compliance means having internal policies and procedures designed to prevent and detect violations of applicable law, regulations, rules and ethical standards by employees, agents and others. It involves legal risk management and internal controls.
Always remember that it is much easier to become compliant as a small company and that you do not need to have a person on your team in charge of Security & Privacy to become compliant.
Answer: No, a certification body that is a member of the International Accreditation Forum (IAF), and additionally ISO/IEC 17021:2015 certified, will issue the certification. Compleye supports you in your challenge by providing tooling (Compleye Online) and services (Sessions).
If you are a Startup or Scaleup, your corporate customers will require you to meet some of their own standards. However, you do not need to copy the way they organize their compliance. The Lean Compliance Approach of Compleye is focused on digital, data and visuals, to make compliance less complex and more embedded in your organization.
You just need to negotiate which standards you need to have in place, and you can define how to organize this.
If you are a B2B company with your own developed product, the first requirement will be ISO27001, the international standard for cybersecurity. This covers topics from Business, Legal, IT Infrastructure, Development and Security organization.
We call it your licence to operate: it will ensure that you professionalize your security and embed it in the heart of your organization.
The external costs of ISO27001 certification are approx. 8-10 KEuro, depending on the size of your company (max 10 FTE) and the complexity of your IT infrastructure. This fee is paid to an audit certification company and covers 3 years. Next to that, you will need to design and implement your ISO27001 framework; if you do not have the time or expertise in your company, you will need to hire consultants.
We understand that when starting a business, cash flow is always tight. However, if you want that big contract after your first POC, you will need to answer some compliance questions.
Compleye Online is an affordable solution for Start-ups that will give you all the templates and guidance needed for ISO27001.
We understand that compliance is a boring topic to most Tech and Business people; unfortunately, that is the result of leaving it up to corporates. However, you do not have to take over the way corporates are organizing it.
The lean compliance approach always starts with your value proposition instead of all the difficult standards, and that makes it a bit more fun.
If you are searching on the internet right now, it probably means that one of your customers has already made some requests. So start by defining what your compliance roadmap could look like.
If you have developed (and maintain) your own application, GDPR is not enough. You will need to start setting up your ISO27001 framework and ensure that you are building in a cybersecure environment.
The Compliance Officer works together with management and staff to identify and manage regulatory risk. Some of the responsibilities:
- Develop and maintain company policies and procedures
- Evaluate the company’s procedures, practices, and documents to identify possible weaknesses or risks
- Conduct internal audits
- Provide an accurate management review report
Before hiring your own compliance officer, first buy a Compleye Program and work with one of our Online Compliance Officers. That will save you time and money at the start.
Do you want a full role description? Email us:
ISO 27001 does not require a specific number of policies to be implemented. The policies depend on the type, capacity and services of your organisation.
Not necessarily. However, organisations should consider that if vulnerabilities are identified internally using a scanning tool, you would still need to establish whether those vulnerabilities can be exploited or not. To do that, you would need to carry out a penetration test.
Yes, these are GDPR mandatory requirements.