Call us Today +44 (0)1536 711 999

Marval logo

Our ISO/IEC 27001 Journey: 10 Lessons Learnt

By Richard West, Service Desk Manager, Global Service Desk, Marval


Recently, we made the strategic decision to certify our environment against the ISO/IEC 27001 standard for Information Security. The certification process was long and thorough, and it required a lot of preparation and commitment by our team. A big part of it was about gathering relevant information to support and document our current practices and ways of working; and it was an eye opener indeed. Undergoing this path, we developed a clear overview of our competencies, but also realised our weaknesses and things that required our attention.

So, what have we learnt during our document gathering process? Here’s a list of our top ten lessons learnt:

1.      Allow more time than you think. Even if you have allocated extra time already, it is very likely that you will need much more. Start early and keep going at a steady pace, because there will be unpredictable delays on the way.


2.      Involve more people than you thought you needed. Make sure your team is on board and has fully embraced the concept. Also make sure they are available (no holidays, business trips or training courses planned), because you will need all the help you can get.


3.      Forget what you did for any previous ISO standard models. Each standard requires a different approach. Even if you have experience with ISO/IEC standards, this will be tabula rasa; you will be starting from scratch.


4.      You are actually already doing a lot of the things required - and doing them well. Most organisations have their established processes already, and it’s a great relief to see that many of them already are in the right direction.


5.      Don’t be afraid to question the standard and don’t modify how you work to fit the standard. You work in a specific way for a reason, and nobody knows your organisation’s needs better than you do. If something feels wrong, then it probably is. Raise your concerns and make sure they are taken into consideration.


6.      Ask more questions from your Registered Certification Board (RCB) during the planning stage. There’s nothing more frustrating or unproductive than doing a lot of work in the wrong direction, or for the wrong reasons. Make sure you are clear on what exactly is required and don’t hesitate to ask again and again, if anything still needs clarification.


7.      Don’t read lots of other companies’ experiences online (it would put you off starting). Every organisation is unique, and so are their needs, processes and experiences. Something that was hard for another business could be easy-peasy for you, and vice versa. Don’t let other people’s experience affect your views and decisions.


8.      Spread the load evenly, don’t depend on one individual exclusively. Every member of the team has skills and capabilities that can be put in good use, and there will be enough work for everyone. Engaging the whole team from the very early stages will accelerate the process, help your staff understand and embrace the goal and objectives, and ensure that everyone is actively involved from the beginning.


9.      Your reasons for beginning this process review were based on sound judgement and it will be worth it in the end. Share the vision with your team and help them keep their focus, enthusiasm and eyes on the ball, knowing that you will reap the harvest together.


10.  You can overwrite processes. Keep your processes as brief and accurate as possible and don’t say you do something when you don’t.

Contact Us View all Articles

Similar Articles

Endless possibilities with Marval...

Whatever your aspirations might be, we have the technology, the expertise and the people to make them happen.

We know you may have some questions...

I would like to opt in to receive marketing communications from Marval via:

  • Request a

    Discover the benefits of implementing MSM software, designed to improve service quality, customer satisfaction and reduce costs

  • Download

    Your central repository of interesting and useful information on IT Service Management

  • Customer
    Case Studies

    See how organisations all over the world use Marval MSM software to address their most critical IT Service Management challenges

  • Contact

    Contact us to discuss your service improvement requirements