The Schellman Blog

Introduction ISO/IEC 27001:2015 (ISO 27001) certification is becoming more of a conversation in most major businesses in the United States. To provide some depth, there was a 20% increase in ISO 27001 certificates maintained globally (comparing the numbers from 2014 to 2015 as noted in the recent ISO survey). As for North America, there was a 78% growth rate in ISO 27001 certificates maintained, compared to those in North America in 2014. So it is clear evidence that the compliance effort known as ISO 27001 is making its imprint on organizations in the United States. However, it’s just the beginning. Globally, there are 27,563 ISO 27001 certificates maintained, of which only 1247 are maintained in the United States; that is 4.5% of all ISO 27001 certificates.

As the world becomes increasingly digital, governments globally have taken measures to ensure the safety and security of their citizens' data.

"Even when clouds grow thick, the sun still pours its light earthward."

When it comes to ISO 27001, implementing a holistic information security management system (ISMS) in order to meet the standard is difficult—particularly where the internal audit requirement is concerned. As an experienced ISO Certification Body, we consistently hear feedback that the internal audit function is a particularly tricky part of the ISO 27001 standard.

Ever moved somewhere new? It’s a big life change, and of course, it’s important you pack all your belongings and get them moved to your new spot. But it’s not just your stuff that you need to account for—you’ll also be looking for a new local doctor to trust with your medical history, a new mechanic to trust with your car, etc.

According to a recent ISO survey, ISO/IEC 20000-1:2018 (ISO 20000-1) saw a 50% increase in worldwide certificates year over year. But when you think about ISO certifications, you likely think of the incredibly popular ISO 27001 standard or the new AI management standard, ISO 42001—not ISO 20000-1. So, why has the standard seemingly, suddenly shot to more prominence?

Today, after much anticipation, ISO announced that ISO/IEC 27001:2022 has officially been published. Ever since ISO/IEC 27002:2022 was published in February of this year, the industry has waited for this—that includes Schellman.

If your organization is pursuing ISO 27701 certification, you may face unforeseen challenges that can potentially slow down the entire process. Many times, they just crop up suddenly, derailing your hopes of providing privacy assurances to your customers (at least temporarily). As an ISO Certification Body, Schellman has performed countless 27701 certification assessments over the years, and our clients have encountered some of the same gaps many times over. Now, we want to help you avoid them.