‘Take Your Pick’ by the National Cyber Skills Centre

23 Sep, 2016

The National Cyber Skills Centre and ISO Quality Services Limited are collaborating on a 12 week series of articles, made available free on their respective websites, to raise awareness among SMEs of how adopting and adhering to a recognised industry or international standard provides the levels of information security and governance expected in today’s business world.


Within a business there will be a tipping point, a time when the decision is made to address the management and protection of data. This may occur through an internal desire for better corporate governance. Alternatively, it may be due to requirements that must be met to successfully fulfil a new contract. Or perhaps it is due to a recent data breach that has caused boardroom unease about what may potentially happen in the future.

Regardless of the origins of this decision for greater governance (and for the record it is a very wise decision), a path needs to be taken towards a standard. Which way is the right way – ISO27001 or Cyber Essentials? Both have merits, both have a long list of positive attributes and both will provide governance. Which one are you going to pick?

If truth be told, these two standards do not in fact compete. It is not a case of one or the other; they are in fact complementary. There is a crossover in some places, but a business can actually start with either standard and then progress to the other when needed.

Cyber Essentials is composed of five key ‘technical’ controls. This means that the thrust of implementing Cyber Essentials is going to be predominantly a technical exercise. ISO27001 is an information management system and thus in many cases is predominantly a management exercise.

However, when discussions commence on choosing a path the waters may get muddied. For example, when discussing the technicalities of access control – which in short is ensuring that people only have access to data that is relevant to their current role and responsibilities – it may become apparent that a more detailed system is needed than simply checking the current permissions for access to servers.

Conversely, when discussing the scope of an information management system such as ISO27001, it may become apparent that to successfully implement it a company is going to need strong and transparent access control procedures.

A company can start with either standard and then at the appropriate time implement the other, or it may find that it wishes to implement them together. It all comes down to the aforementioned tipping point – what is the most pressing issue surrounding data protection and information management for a company right now?

Commencing the adoption of a standard is going to cause short term disruption to a company. Established processes and procedures around the protection and management of information, even the effective ones, will need to be audited, reviewed and revised, causing many to question the value of such an undertaking.

Regardless of the choice of standard, a project leader with the necessary management support will need to be appointed, and they are going to be equally loved and loathed by those employees whose working processes and procedures are changed by the implementation of one of these standards. However, the long term gain will easily outweigh the short term pain – just like any other necessary change.

There is no wrong choice in deciding which path to take, Cyber Essentials or ISO27001, which in itself is unusual in business, as there is normally an obvious downside to most business decisions. Both will protect your data, both will help manage your data, and both will place your company on a firmer footing for data management going forward. The key decision is getting started and driving through what are necessary changes in the data driven world of modern business. So there is no need to hesitate any longer; it’s time to take your pick.

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the internationally recognised ISO and BS EN Management Standards.

