Does my organisation need to be ISO27001 certified?
The decision to certify should be driven by your business requirements. A few examples of when it may be advisable to certify include:
Your organisation is selling online services
Your organisation has a security focus and wants to ensure credibility with current and potential clients
Your organisation is contractually or legislatively obligated to have a certified security framework
Do I need to be audited?
Regardless of your organisation’s need to certify, it is important to engage a certified auditor to conduct an independent, internal audit against whichever framework you choose to implement.