{"id":4888,"date":"2010-01-28T23:14:23","date_gmt":"2010-01-28T23:14:23","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/27001academy\/blog\/010\/01\/28\/main-obstacles-for-implementing-iso-27001\/"},"modified":"2025-07-08T11:07:52","modified_gmt":"2025-07-08T11:07:52","slug":"main-obstacles-for-implementing-iso-27001","status":"publish","type":"post","link":"https:\/\/staging.advisera.com\/27001academy\/blog\/2010\/01\/28\/main-obstacles-for-implementing-iso-27001\/","title":{"rendered":"Main obstacles to the implementation of ISO 27001"},"content":{"rendered":"<p>You have this great idea that <a href=\"\/27001academy\/what-is-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001<\/a> will help you achieve compliance, attract new customers, decrease cost of incidents, and streamline your core IT processes? The idea is nice, but when it comes to implementation, things are getting complicated.<br \/>\n<div id=\"side-banner-trigger\" class=\"banner-shortcode\"><\/div><div id=\"middle-banner\" class=\"banner-shortcode\"><\/div><script>loadMiddleBanner();<\/script><\/p>\n<p>First you would have to convince your management (if you are not in top management yourself) that ISO 27001 is really needed in your company. Management is usually overloaded with other commitments and deadlines, and it is not likely that they would like to undertake another project to worry about.<\/p>\n<p>Even if management is eager to do something about information security, the second question arises \u2013 how to finance it? At first sight, it may seem that \u201cthis paperwork shouldn\u2019t cost too much\u201d, but soon you realise that you have to pay for the consultant, buy literature, train your employees, invest in software and equipment, pay for certification etc.<\/p>\n<p>But let\u2019s say that by some miracle you find the money for it, and then the third question arises: who will actually do it? If you have a frank consultant, he or she will tell you that it is not enough for a consultant to provide you with templates of the documentation, but you must try really hard to customize the documentation according to your situation. But it doesn\u2019t stop here \u2013 the consultant tells also that you actually have to do precisely what the documentation (and the standard) tell you to do. And it is a permanent obligation, not a one-time job.<\/p>\n<p>So you come to your colleagues and ask them how you would divide the job for implementing and running ISO 27001, and suddenly they start talking about something else. Even worse, you might ask management to employ an Information Security Manager who, because of lack of such people on the market, doesn\u2019t work for small sums.<\/p>\n<p>So, you end up being appointed project manager for ISO 27001, with small or almost non-existing budget, with a team that does not really want to bother with information security, and management that wants the certificate as soon as possible once the project has started.<\/p>\n<p>Are you still interested in ISO 27001?<\/p>\n<p><em>To overcome most common problems with the ISO 27001 implementation, check out the <\/em><a href=\"\/conformio\/\" target=\"_blank\" rel=\"noopener noreferrer\">Conformio compliance software<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You have this great idea that ISO 27001 will help you achieve compliance, attract new customers, decrease cost of incidents, and streamline your core IT processes? The idea is nice, but when it comes to implementation, things are getting complicated. First you would have to convince your management (if you are not in top management &#8230;<\/p>\n","protected":false},"author":26,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[381,1497,1498],"class_list":["post-4888","post","type-post","status-publish","format-standard","hentry","category-blog","tag-iso-27001","tag-implementation","tag-obstacles"],"acf":[],"_links":{"self":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/comments?post=4888"}],"version-history":[{"count":2,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4888\/revisions"}],"predecessor-version":[{"id":104268,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4888\/revisions\/104268"}],"wp:attachment":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/media?parent=4888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/categories?post=4888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/tags?post=4888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}