
ISO 27001: INFORMATION SECURITY STANDARD

ISO 27001 is the most widely recognized and internationally accepted information security standard. ISO 27001 provides a framework for companies to manage their data security, establishing requirements for information controls regarding people, processes and technology.

In addition, companies can also pursue ISO 27701, a critical security extension certification to ISO 27001 that establishes privacy requirements for data processors and/or controllers, and is mapped to the requirements of the EU GDPR. 

As a first step to any implementation, purchasing the standard is key to the process. Please visit the ANSI webstore to secure a copy of:
- ISO 27001:2022: Information security management systems*
- ISO 27002:2022: Normative reference to ISO 27001
- ISO 27701:2019: Privacy information management systems

For questions, program support and invoicing options, contact Juliana Wood, CIRQ's Managing Director at juliana.wood@cirq.com or 202-370-6318.

*Note: ISO 27001:2013 audit and certification services will be offered through March 2024. After that time, new clients interested in audit and certification are required to certify to ISO 27001:2022. If you represent a company implementing the 2013 version of the standard, and need guidance on the requirements to ensure your system is ISO 27001:2022 compliant and ready to schedule an Initial Certification Audit, contact CIRQ today for assistance.

WEBINAR RECORDING - Keeping your Client Data Safe: Updates to ISO 27001 & ISO 27002 – In late 2022, the global information security management system standard (ISO 27001), and the standard that serves as its normative reference (ISO 27002), were updated. Learn how the changes in ISO 27001:2022 affect certified companies and those thinking about getting certified from Juliana Wood, Managing Director, Certification Institute for Research Quality (CIRQ), and Ron Bernard-Rivera, ISO 27001 Lead Auditor for CIRQ.

WEBINAR RECORDING - Getting to Know the ISO 27001 Information Security Standard
Learn about the preparation, process, and many benefits of certification from those who have done it - featuring Bill Baird, Chief Security Officer, Phoenix Marketing International & Chanttel Allen, Managing Director, The Olinger Group.


The Certification Institute for Research Quality (CIRQ)'s ISO 27001:2022 program is accredited by the ANSI National Accreditation Board to ISO 17021-1:2015, the ISO standard for certification bodies that provide audit and certification of management systems. CIRQ was formed to provide auditing and certification services globally to market research firms in order to assess their compliance with ISO 20252 and ISO 27001.

WHAT ARE THE BENEFITS OF IMPLEMENTING ISO 27001?

“The policy development and process required to attain certification has greatly improved our security posture and maturity level, helping us to understand where we are and how best to protect our information assets. Certification has become a standard requirement for obtaining new business in our industry and for maintaining existing relationships with many of our customers. Certification will help us respond to SIG questionnaires from internal customer security teams and auditors.”

—Bradley Cooper, Chief Information Security Officer, RTI Research

Increased Compliance
The umbrella framework of ISO 27001 allows you to meet the requirements of:

• Federal – HIPAA, GLB, SOX
• State – MA, CA privacy laws
• Industry – PCI DSS
• Contracts – your clients
• ISO/IEC 27001 & ISO/IEC 27002 IT Security Techniques Package

Holistic, Comprehensive Security Planning
Securing the data that research and analytics companies collect, store and transmit is not solely a technology issue. Effective data security requires a comprehensive plan that includes educating your people and formulating processes to avoid mishandling or unauthorized access—this is what certification to the standard provides.

Effective Communications About Your Security Efforts
If your company is bombarded with lengthy data security and protection questionnaires from current and potential clients, and you’re uncertain how to answer completely and correctly, certification to ISO 27001 and the ISO 27701 security extension can help. This is critical, as failure to respond to such requests, or doing so insufficiently or inaccurately, can lead to lost business and/or risk exposure for your company. Certification conveys quickly and easily that your organization’s security practices are adequate.

Educated Staff
ISO 27001 implementation and certification provides your company with a strategic information security framework that can help you win business and educate your staff on key measures for protecting your valuable data.

Access to an Expert Security Consultant
An information security management system (ISMS) consultant can be a valuable resource to help with an implementation timeline, and IA can recommend providers who have worked with company members through their successful audit and certification.
