As with any other project, if you do not secure enough money and human resources, your ISO 27001 project will fail.
Obtaining an ISO 27001 or BS 25999-2 certificate is not mandatory; however, most of the companies implementing either of these standards want to get certified – the main reason is that they want to achieve a marketing advantage.
ISO 27001 and ISO 9001 may seem like quite different standards, but when you take a closer look at both, you can find a lot of similarities.
While many business continuity methodologies have existed for more than 20 years, none of them have really managed to include business continuity in regular management duties – this is probably why BS 25999-2 is emerging more and more as a leading business continuity standard worldwide.
Although many people consider ISO 27001 a bureaucratic standard with no real benefits, the opposite is actually true – if it is implemented properly, not only will it enhance the marketing position of your organization, but it will also help you organize all information security activities in a clearly defined framework, and consequently decrease the level of risk.