ISO 27001 - Information Security & Compliance | inforevision


ISO 27001 - managing information security and compliance  

ISO 27001 is the most recognized international standard for information security - and an important foundation for GDPR, NIS2 and DORA. 

More and more companies are actively working with the standard to systematize security and strengthen trust with customers, partners and authorities. 

What is ISO 27001? 

ISO 27001 is an international standard that describes the requirements for establishing, implementing, maintaining and continuously improving an information security management system (ISMS).

The standard helps structure security work and create an overview of risks, policies, controls and business processes. 

When is ISO 27001 relevant? 

  • When you want a systematic approach to IT security 
  • When your customers require documentation or certification 
  • When you want to comply with NIS2, DORA or GDPR requirements 
  • When you want to prepare for an audit or external audit 
  • When you want to strengthen management control and overview 

Do you need help with implementation or evaluation? 

We help you implement or improve your ISMS to match the requirements of ISO 27001 - without unnecessary complexity. 


Do you need a statement documenting your efforts? 

We prepare audit statements (ISAE 3000) based on ISO 27001 so you can document your security level to customers and partners. 


Tool: Lexoforms 

Lexoforms can support ISO 27001 work by gathering risk assessments, controls and documentation in one place.  



Frequently asked questions (FAQ) 

Do you need to be certified to work with ISO 27001? 

No - you can work with the standard in a structured way without being certified. For many companies, an ISAE 3000 statement is sufficient documentation. 

Is ISO 27001 enough to comply with NIS2? 

ISO 27001 is a strong foundation, but NIS2 also has organizational and reporting requirements that need to be handled separately. 

What is the difference between ISAE 3000 and ISO 27001? 

ISO 27001 is a standard, while ISAE 3000 is a declaration type. An ISAE 3000 statement can be prepared using ISO 27001 as the basis for assessment. 


Contact us - and move forward with your information security 

We have many years of experience helping companies with ISO 27001 - both in advisory and declaration processes. 

Contact Simon

Simon Okkels is a Certified Information Systems Auditor (CISA®) - a global certification that guarantees deep knowledge of audit processes, reporting and compliance procedures within IT auditing and IT and information security.

Contact John

John Søbjærg is a state-authorized public accountant with in-depth knowledge of small and medium-sized companies in many industries. He has many years of experience in advising companies and issuing auditor's reports. 


  • Employees: 140
  • Customers: 3900
  • Revenue: +150 million
  • Year of establishment: 1986
  • Growth per year: 10%