ISO27001: Saving money and building trust
Some think that ISO27001 is only about making your business secure - but in fact it's so much more than that. I like to think of ISO27001 as a 'trust indicator'. If you look at it that way, you can quickly see how it can lead to cost savings or increased revenue.
It may come as a surprise to hear that a security standard can do more than make you more secure, but it can.
How does ISO27001 help increase revenue?
Let’s start with the basic understanding that in principle we do business with people we know, like and trust.
Think about any business you buy from and see if they fit into the above three areas. Perhaps they tick all these boxes. I firmly believe that one of the reasons Amazon is so successful is because we know them, we like what they provide, and we trust them to deliver.
So ask yourself three questions:
How do customers know us?
Why do customers like us?
How do we show we are a company our customers can trust?
Most businesses can easily answer the first two questions, but the third one is more difficult. I think this is one of the reasons second-hand car dealers have such a bad reputation: we just don't trust them!
With that ISO27001 certificate on your wall (and website), you assure customers that you’ve invested in their safety and security, which establishes trust with them from the outset.
Stand out from the crowd.
Every business is trying to stand out and be different from its competitors or demonstrate additional value to customers and how they can be trusted.
When you did your competitor analysis, did you look at their certificates? Are they ISO27001 certified? Do they have other security credentials that demonstrate they can be trusted?
By having ISO27001 in place, you can demonstrate that you’re as good as, if not better than, your competitors. This might mean the difference between being selected or not as a preferred option when you’re being compared in the marketplace.
Having ISO27001 can help you stand out from your competitors and win new business.
Love me Tender
Organisations with ISO27001 can complete bids and tenders more quickly and more comprehensively, which makes them more efficient and productive and more likely to win the offer or move forward in the tender process.
I’ve seen security questionnaires containing hundreds of questions, running into dozens of pages, that had to be completed because the company couldn’t answer a straightforward question: “Are you ISO27001 certified?”
But even in situations where you still need to complete all the questions, having ISO27001 in place means you have all the answers (or any of them) to hand. You’ll know what response to provide and have policies and procedures you can share or quote.
Having ISO27001 improves your tender process and increases the likelihood that you’ll win the bid and increase revenue.
Increased value
Increasingly, businesses are looking for external investment and support, and if this includes you, then you’ll need to demonstrate that your business is a good investment. How?
By demonstrating you are a robust, safe and secure opportunity to invest in. Having ISO27001 tells potential investors that you’ve thought through the risks, threats and vulnerabilities and have put measures in place to protect the business, and therefore their investment.
Reduction of costs
Risk Management is a big part of ISO27001, but the intent behind Risk Management is to identify things that can go wrong and implement appropriate controls to address the risks. Without a good risk review, you might be spending money on false security, such as increasing spend on technical security when you should be spending it on training.
Or perhaps you’re not in control of your assets, and staff are leaving with equipment that should be returned to you. ISO27001 requires you to have an approach to asset management which includes the return of physical and data assets.
Finally, the Supplier Management requirements of ISO27001 mean you should be reviewing supplier agreements periodically. This can lead to renegotiating contract terms or service level agreements that can improve your business and save you money!
Having ISO27001 can improve your efficiency and remove waste from your business.
Conclusion
Today I’ve focused on the revenue-increasing benefits of ISO27001, but as I've indicated, it could save you money too. Want more examples of how this is possible?
Reduce IT costs – e.g. focusing on improved IT services (e.g. secure Cloud services)
Reduce software costs – e.g. managing software licences
Increase employee engagement – by increasing Comms and engagement
Increase productivity – e.g. Bids and Tenders are completed faster
Of course, we do need to mention that the cost of NOT doing these things is the absolute reverse of the above. NOT having ISO27001 can lead to increased operating costs, low employee morale and engagement, dissatisfied customers and increased risk of breaches leading to fines and claims for compensation.
They say that business moves at the speed of trust. If you can be trusted, then more people will want to invest in you and do business with you.
ISO27001 is a tangible way of demonstrating trust.
Yes, the standard is about implementing a security management system, but to leave it at that is to miss the whole point. When we buy a car, it’s not just to get from ‘A to B’; it’s about where that vehicle can take us, and how it benefits us.
Having ISO27001 provides very real, tangible business benefits if we look beyond the obvious.