While choosing ISO27001 consultant or implementation partner, usually companies do not know the basis on which they should select the right vendor. Due to lack of adequate awareness and hence as a common practice, organisations choose to select ISO27001 Consultant Company purely based on cost.
Typical mistakes in implementing ISO27001 Compliance
All those who are in cyber security industry, know very well that when the cost is compromised, the security is compromised. Actually the security solutions are not very costly, neither those are cheap. What is important, is to have a vendor or partner company who would understand the organization’s business well, and create a customized set of policies and procedures of ISO27001 compliance (or any other compliance for that matter). I have seen that in almost all cases, the partner company either lack the insight into the organization’s business for who they are implementing, or they loose track of it somewhere during the course of implementation.
Implementing ISO27001 is not about copy-pasting internet-downloaded policy documents. Its all about customizing the policies for organization's business scenarios.
How to select a right vendor for implementing ISO27001?
While there cannot be a simple answer, I have jotted down a checklist which can become a selection criteria of ISO27001 vendors or partners. It can be found at the link below.