.png)
Everything about ISO 27001: The Complete Guide
Heading 1
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
Lorem ipsum by sit amet, consectetur adipiscing elit, sed do eusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Dis aute irure door in reprehenderit in voluptate velit se cillum dolore eu fugiat nulla pariatur.
Block quote
Ordered list
- Item 1
- Item 2
- Item 3
Unordered list
- Item A
- Item B
- Item C
Bold text
Emphasis
Superscript
Subscript
Heading 1
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
Lorem ipsum by sit amet, consectetur adipiscing elit, sed do eusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Dis aute irure door in reprehenderit in voluptate velit se cillum dolore eu fugiat nulla pariatur.
Block quote
Ordered list
- Item 1
- Item 2
- Item 3
Unordered list
- Item A
- Item B
- Item C
Bold text
Emphasis
Superscript
Subscript

What's your current stage?
ISO 27001 is not a standard you can grasp in an afternoon. The journey from initial exploration to certified organization has multiple phases, and each phase raises different questions. That's why we've categorized all our knowledge articles by your current step. Click on an article that matches your situation and dive right in.
Block 0 — Is ISO 27001 right for my organization?
Not sure if ISO 27001 applies to you yet? Start here. These articles will help you determine if certification is relevant — or even mandatory — for your organization.
- ISO 27001 obligations: when is certification mandatory? → https://www.fendix.nl/resources/wanneer-is-iso27001-certificering-verplicht
- Who should consider ISO 27001 certification? → https://www.fendix.nl/resources/wie-iso-27001-certificering
- What is the importance of information security? → https://www.fendix.nl/resources/wat-is-het-belang-van-informatiebeveiliging
Block 1 — What is ISO 27001 and why should I pursue it?
You know information security is important, but first want to understand what the standard entails and what its benefits are. In this block, we lay the foundation.
- What is ISO 27001? Get your free ISO 27001 guide! → https://www.fendix.nl/resources/wat-is-iso-27001
- What does information security mean according to ISO 27001? → https://www.fendix.nl/resources/informatiebeveiliging-iso-27001
- What are the benefits of an ISO 27001 certification? → https://www.fendix.nl/resources/voordelen-iso-27001-certificering
- What does the change to the ISO 27001/27002 standard mean for my organization? → https://www.fendix.nl/resources/wat-betekent-de-wijziging-van-de-iso-27002-norm-voor-mijn-organisatie
- Differences between ISO 27001 and ISO 27002 → https://www.fendix.nl/resources/verschillen-tussen-iso-27001-en-iso-27002
- ISO 27001 vs. NEN 7510: what are the differences? → https://www.fendix.nl/resources/iso-27001-nen-7510-verschillen
- NIS2 & ISO 27001: the overlap, differences, and how your organization can become compliant → https://www.fendix.nl/resources/nis2-iso-27001-de-overlap-verschillen-en-hoe-je-organisatie-compliant-wordt
Block 2 — What does it cost and how long does it take?
You're convinced of the added value, but want to know what a project will cost your organization and what to expect. This section provides all the information you need to build a solid business case.
- What does ISO 27001 certification cost? → https://www.fendix.nl/resources/wat-kost-een-iso-27001-certificering
- ISO 27001 quick scan or gap check: how does it work? → https://www.fendix.nl/resources/iso-27001-quickscan-of-gap-check-hoe-werkt-het
- ISO 27001 consultancy or guidance – what can you expect? → https://www.fendix.nl/resources/iso-27001-consultancy-begeleiding-wat-mag-je-verwachten
- What does an ISO process involve? → https://www.fendix.nl/resources/hoe-ziet-een-iso-traject-eruit
- What does our implementation process involve? → https://www.fendix.nl/resources/hoe-ziet-ons-implementatietraject-eruit
- 7 criteria for choosing the right ISO implementation partner → https://www.fendix.nl/resources/7-criteria-om-de-juiste-iso-implementatie-partner-te-kiezen
Block 3 — How do I implement ISO 27001?
You're really going to do it. This is the practical hub for QHSE coordinators, Security Officers, and everyone who rolls up their sleeves. From defining the scope to risk analysis and the necessary documents.
- Everything about implementing the ISO 27001 standard → https://www.fendix.nl/resources/alles-over-het-implementeren-van-de-iso-27001-norm
- Defining ISO 27001 Policy and Scope: Here's How → https://www.fendix.nl/resources/iso-27001-beleid-en-scope-bepalen-zo-doe-je-dat
- What is an ISMS (Information Security Management System)? → https://www.fendix.nl/resources/wat-is-een-isms-information-security-management-system
- What is a Statement of Applicability in ISO 27001? → https://www.fendix.nl/resources/wat-is-een-verklaring-van-toepasselijkheid-statement-of-applicability-in-iso-27001
- What Documents Do You Need for ISO 27001 Compliance Evidence? → https://www.fendix.nl/resources/welke-documenten-heb-je-nodig-voor-iso-27001-bewijsvoering
- Download the free ISO 27001 checklist with practical tips → https://www.fendix.nl/resources/download-de-gratis-iso-27001-checklist-met-praktische-tips-om-direct-aan-de-slag-te-gaan
- How do I perform a risk analysis? – With example → https://www.fendix.nl/resources/hoe-voer-ik-een-risicoanalyse-uit-met-voorbeeld
- Privacy under control with ISO 27001: what you need to know → https://www.fendix.nl/resources/privacy-onder-controle-met-iso-27001-dit-moet-je-weten
- ISO 27001 security awareness: mandatory controls and how to comply → https://www.fendix.nl/resources/security-awareness-een-verplicht-onderdeel-van-de-iso-27001
- What are the ISO 27001 Annex A controls? The 93 controls explained → https://www.fendix.nl/resources/wat-zijn-de-iso-27001-annex-a-controls-de-93-beheersmaatregelen-uitgelegd
- Classifying, labeling, transferring: 3 inseparable ISO 27001 controls → https://www.fendix.nl/resources/classificeren-labelen-overdragen-3-iso-27001-controls-die-je-niet-los-kunt-zien
- Supplier management within ISO 27001: how to meet the Annex A requirement → https://www.fendix.nl/resources/leveranciersbeheer-binnen-iso-27001-zo-voldoe-je-aan-de-annex-a-eis
Block 4 — I'm certified. Now what?
The certificate is in hand. But maintaining an ISO 27001 certificate requires just as much attention as obtaining it. In this block, you'll read all about internal audits, management reviews, and what's expected of you during and after the external audit.
- What does the external audit process look like? → https://www.fendix.nl/resources/hoe-ziet-het-externe-audit-traject-eruit
- Preparing for an external audit: how you and your colleagues can approach it calmlyhttps://www.fendix.nl/resources/voorbereiding-externe-audit
- What is an internal audit?https://www.fendix.nl/resources/wat-is-een-interne-audit
- What does the management review look like?https://www.fendix.nl/resources/hoe-ziet-de-directiebeoordeling-eruit
- What if I fail an audit?https://www.fendix.nl/resources/wat-als-ik-een-audit-niet-haal
- Maintaining your ISO certificate: this is what it involveshttps://www.fendix.nl/resources/het-onderhouden-van-je-iso-certificaat-dit-houdt-het-in
- ISO 27001 Recertification: What Changes After 3 Years? → www.fendix.nl/resources/iso-27001-hercertificering-wat-verandert-er-na-3-jaar
Block 5 — Does this apply to my sector as well?
ISO 27001 is a universal standard, but its application varies by sector. Whether you operate in healthcare, SMEs, or as an IT service provider: here you can read what the standard means for your specific situation.
- ISO 27001 for SMEs – what is achievable? → https://www.fendix.nl/resources/iso-27001-voor-mkb-bedrijven---wat-is-haalbaar
- NEN 7510 – the standard for information security in healthcare → https://www.fendix.nl/resources/nen-7510-de-norm-voor-informatiebeveiliging-in-de-zorg
- Security awareness in healthcare: mandatory under NEN 7510 → https://www.fendix.nl/resources/security-awareness-in-de-zorg-is-enorm-belangrijk-en-verplicht-vanuit-de-nen-7510
Ready to get started?
Do you want to know where your organization stands now and what the path to certification specifically entails for you? Schedule a no-obligation, complimentary introductory meeting with us. Together, we'll assess what's feasible, the costs involved, and how quickly you can achieve it.





















