News & Blogs

Can ISO 27001 be implemented without a consultant?
29 December 2023 10:55

Implementing ISO 27001:2022 without a consultant is possible if you possess competence and working knowledge of the standard.

Implementation requires dedication, careful planning and implementation against ISO 27001:2022 requirements.

Here are some of the DIY steps required to implement an ISMS based on ISO 27001:2022.


ü  Familiarise yourself fully with the requirements and principles set out in ISO 27001:2022.

ü  Ensure that top management are committed to the implementation of ISO 27001.

ü  Define the scope of your ISMS. Identify the boundaries and limits of what the ISMS will cover.

ü  Conduct a thorough risk assessment. Identify assets, vulnerabilities, threats, and assess the impact and likelihood of potential risks.

ü  Develop a risk treatment plan to address identified risks. Determine appropriate controls to mitigate or manage the risks. Develop an applicability statement.

ü  Develop information security policies and controls ensuring that they align with ISO 27001 requirements.

ü  Conduct training and competence development to raise awareness and competence in the application of the ISMS.

ü  Perform internal audits to ensure that your ISMS conforms with ISO 27001:. Identify any areas that require corrective action and improvement.

ü  Conduct regular management reviews to assess the performance of the ISMS and identify opportunities for improvement.

ü  Implement corrective and preventive actions to address non-conformities and continuously improve the ISMS.

ü  Maintain necessary documentation and records as required by ISO 27001.

ü  When you're ready, hire a UKAS accredited external certification body.

ü  Complete stage 1 and 2 ISO 27001 certification assessments successfully and achieve ISO 27001 certification.

Applying past experience and the points above you may be able to establish an effective ISMS based on ISO 27001. 

If you feel that the DIY approach may be overwhelming or that you require the assurance of success, consultant use may be the best route towards an effective ISMS.

Click here for our ISO 27001 consultancy service details


Click here for details of our ISO 27001 software service