A multitude of factors contribute to obtaining the ISO certification. Depending on the size of your team, the complexity of your IT Infrastructure and the time that you are willing to put into it. A call with one of our Lean  Compleye  Designers can help you identify a realistic timeline .

Simply put, corporate compliance means having internal policies and procedures designed to prevent and detect violations of applicable law, regulations, rules and ethical standards by employees, agents and others. It involves legal risk management and internal controls. 
 
Always remember that it is much easier to become compliant as a small company and that you do not need to have a person on your team in charge of Security & Privacy to become compliant.  

Answer: No, a certification body who is a member of the International Accreditation Forum (IAF), and additionally ISO/IEC 17021:2015 certified, will issue the certification. Compleye support you in your challenge by providing tooling (compleye online) and services (Sessions). 

If you are a Startup or Scaleup, your corporate customers will require that you need to meet some of their own standards. However, you do not need to copy the way they are organizing their compliance. The Lean Compliance Approach of Compleye is focused on digital, data and visuals, to make compliance less complex and more embedded in your organization. 

You just need to negotiate which standards you need to have in place and you can define how to organize this. 

If you are a B2B company, with a your own developed product, the first requirement will be ISO27001 – International standard for Cybersecurity. This covers topics from Business, Legal, IT Infrastructure, Development and Security organization.  
 
We call it your licence to operate – and will ensure that you professionalize and embed your security in the heart of your organization. 

The ISO27001 external costs for certification are approx.. 8-10 KEuro , depending on the size of your company (max 10 fte) and the complexity of your IT Infrastructure. This fee will be paid to an Audit Certificate Company and last for 3 years. Next to that you will need to design and implement your ISO27001 framework – if you do not have the time or expertise in your company, you will need to hire consultants.  

We understand that Starting a business cashflow is always tight. However if you want that big contract after your first POC, you will need to answer some compliance questions.  

Compleye Online is an  affordable solution for Start-ups that will give you all the templates and guidance needed for ISO27001. 

We understand that compliance is a boring topic to most Tech and Business people, unfortunately that is the result of leaving it up to corporates. However, you do not have to take over the way corporates are organizing it. 
The lean compliance approach always starts with your value proposition, instead of all the difficult standards, and that will make it a bit more fun. 

Right now, if you are searching on the internet – it probably means that one of your customers have already made soem requests . So start with defining how you compliance roadmap could look like.   

If you have developed (and maintain) your own application, GDPR is not enough. You will need to start setting up your ISO27001 framework and ensure that you are building in a cybersecure environment. 

The Compliance Officer works together with management and staff to identify and manage regulatory risk. Some of the responsibilities: 

  • Develop and maintain company policies and procedures 
  • Evaluate the company’s procedures, practices, and documents to identify possible weaknesses or risks 
  • Conducts internal audits 
  • Provide accurate management review report   

Before hiring your own compliance officer, buy first a Compleye Programs and work with one of our Online Compliance Officer. That will save you time and money at the start.  

 
Do you want a full Role description?  Email us:
info@compleye.io 

ISO 27001 does not require a specific number of policies to be implemented. The policies depend on the type, capacity and services of your organisation

Not necessarily however, the organisations should consider that if vulnerabilities are identified internally using a scanning tool, you would still need to establish if vulnerabilities can be exploited or not. To do that, you would need to carry out a penetration test

Below you can see list of Audit Companies Compleye works with. 

BSI   https://www.bsigroup.com/

TUV  https://www.tuvsud.com/

DNV  https://www.dnv.nl/

To understand what is expected of you, we advise to buy the actual ISO27001 standard – from ISO https://www.iso.org/standard/54534.html (pricing 118 CHF July 2022). Compleye is not allowed to provide a copy of the standard for free to our clients – copyrights are reserved by ISO Organization.  

  • During external audit the auditor is checking the entire standard and will probably make  references during investigations to the content of the standard. 
     
  • During internal audit the content of the standard (including the Annex A) is also being checked and reported on non-conformities. If you are making use of the Internal Audit Templates – all requirements are copied in the templates, with defined criteria’s making use as much as possible of Compleye Online content uploaded, added or embedded features.  
    So if you want to have already a sneak peek on the ISO27001 standard – you can read the template.  
     
  • The compliance officer is the one that will need to own this document and make the rest of ISMS team ware of the implementation.  
  • The Compleye Wiki, will give you support on all topics how to implement.  
     
  • If you do not have a compliance officer in your company (yet), you can make use of Compleye Sessions to clarify topics of the ISO27001 standard.