ISO 27001 Information Security Management Systems

Helps manage sensitive company information so that it remains secure!

What is GDPR and how will it affect me?

Free – 1 hour online webinar

The new GDPR Regulations affect every UK business that holds data.

Free online webinar

Introduction to GDPR

1 Day Course – £250

Learn what the new GDPR (General Data Protection Regulations) mean for your business. Every UK business is affected, and it cannot be ignored.

In-house course Public course

ISO 27001 Foundation Course - CQI IRCA Certified

1 Day Course – £445

Learn what an Information Security Management System is and the requirements of the ISO 27001 standard

In-house course

ISO 27001 Internal Auditor Course - CQI IRCA Certified

2 Day Course – £795

Learn how to plan and conduct internal audits of your company's Information Security Management System

In-house course

ISO 27001 Lead Auditor Course - CQI IRCA Certified

5 Day Course – £1295

We teach you the tools and techniques of how to plan, lead and report audits within your own organisation, your suppliers or third party organisations

In-house course Public course

ISO 27001 Auditor Conversion Course - CQI IRCA Certified

3 Day Course – £1095

ISO 27001:2013 Auditor Conversion course

In-house course Public course

Not sure which course is right for you?

Use our course selector

Need to train more than 3 people?

We can customise each course to match your exact needs

Talk to one of our helpful team today

Get your free quote

Why choose Batalas?

We have been doing this for over 50 years
We have trained over 250,000 people in this time
Our course pass rate is over 95%
99% of our clients say they would use us again
No pass no fee – if you don’t pass, you don’t pay

ISO 27000 is a family of standards which helps organizations of all shapes and sizes to keep information safe and secure. Many third parties will trust you with their data assets such as employee details, financial data and intellectual property; using this family of standards helps all interested parties.

ISO 27001 is part of this family and probably the best known standard for information security management systems (often referred to as ISMS).

IMPORTANT! There is a new European version of 27001 called BS EN ISO/IEC 27001:2017, which includes approval by CEN/Cenelec. The changes from ISO 27001:2013 are very minor and affect only subclause 6.1.3 and control A.8.1.1. They are not considered significant in the delivery of this course. The latest official “ISO” version is currently ISO 27001:2013.

Some of the benefits of achieving certification to ISO 27001:

  • Minimising risk – using the correct controls your organisation can navigate the risk from information security threats
  • Reduce costs – by streamlining your processes and procedures you can reduce overheads
  • Build confidence – give your customers and other stakeholders confidence by managing your risk

Latest Resources

No place like home (for a security breach)

Do you really want to read another article about Covid-19?  Probably not.  With the recent upsurge in home working suddenly everyone’s an expert on it!  Many people have worked at home prior to the [...]

GDPR one year on – what fines have been issued?

Wow that year went quick! Have you looked at the fines the ICO (Information Commissioner’s Office) have hit companies with since GDPR was introduced on 25th May 2018? They make quite scary reading... [...]

Frequently Asked Questions for Auditing Management Systems


Firstly, the ISO standard (ISO 9001) states that you must internally audit your organisation at planned intervals and that you must audit if it

  • meets the planned arrangements (with regards to product realization)
  • meets the requirements of the ISO standard
  • meets the requirements of your management system

But you will note that it does not directly say that you must audit every 12 months. Having said that, common sense asks: if you left it longer than 12 months (or even shorter) between audits, would you be able to prove that the system does everything above? Therefore the industry standard is every 12 months, although this can change:

The standard also states that when planning the audit programme you must take into account the “status and importance” of the processes and areas being audited, and very importantly the results of previous audits. In other words, if a process is critical to what you do, or previous audits have found problems, then that process must be audited more often.

One of the main reasons why internal audits raise trivial, and in some cases repeating, nonconformities is that audit reports are not ‘closed out’ correctly. It is important that actions taken to address nonconformities are corrective action (correcting the root cause of the issue) and not correction (purely a short term fix).

Managers are measured on results and therefore results orientated information is of prime concern to them. If the internal audit process includes the identification of process effectiveness and opportunities for improvement then you will grab their attention.

Technically yes.

The requirement in all standards is to conduct internal audits against

  • the appropriate ISO standard
  • any regulatory and legal requirements
  • your own management system requirements

Having said that, if you work in a larger organisation then the likelihood is that you have a team of auditors; some audit the entire system and others will conduct smaller process/procedure audits. Every situation is different; if in doubt, give one of our friendly team a call for free advice.

Yes. The advantage is that a good auditor may be able to use his/her experience to identify opportunities for improvement which would not have been possible by using your own staff. The downside is that the use of external auditors tends to lead to a lack of ownership of the management system.

Auditing can be seen as a fairly negative process, with the emphasis being on digging into the detail and raising what is seen to many as trivial issues.

Consequently, when selecting internal auditors it is normal to add more junior staff to complement the small team of quality, environmental and health & safety professionals.

Internal auditing should be focused on improving the management system, and hence business performance, and therefore more senior managers should be involved in internal auditing.

One of the ways to get them involved is to allocate to them the task of auditing for improvement, with more junior staff involved in the more time consuming tasks of conformance auditing.

We’re Here To Help Your Business Secure Its Information

Get In Touch Today To Find Out More
