- Original Poster
- #1
Hi all,
So I finally, after months of deliberation and research, got my business registered as a limited company.
I wanted to do a sanity check with those who own businesses outside of my own field in regards to my idea.
My research, plus 4 years experience working in small organisations wanting to get ISO certified, is that a lot of companies, especially smaller companies, struggle to get compliant with ISO27001, in that it takes them a long time to get all the nessecary documents/procedures written and then onto the certification audit due to either resource constraints or time constraints.
My idea is to, in effect, introduce "ISO in a box", which contains all the required (and relevant) documents plus a detailed description on how best to implement them, and offer it for sale as my main product, so an organisation can buy it, modify the policies and procedures to best fit their organisation and then go onto certification (with required evidence) and thus save them time in having to write everything from scratch.
As well as this, the ISO27001 standard has now changed from 2013 to 2022, with that it introduces a raft of new controls which have never been seen before. So my secondary idea was also to sell documents individually for those organisations who are transitioning from the 2013 to 2022 standard.
In short;
1. "ISO in a box" for organisations who are completely new and need a hand getting started
2. Individual documents for sale to help companies who are transitioning from the 2013 to 2022 standard.
I know there are other companies which sell documents directly, but I feel as though my unique aspect is that the documents I've written also come with detailed guides on best implementation rather than "This is what the control needs".
Apologies for the long post, I wanted to make sure I had everything in one post.
So I finally, after months of deliberation and research, got my business registered as a limited company.
I wanted to do a sanity check with those who own businesses outside of my own field in regards to my idea.
My research, plus 4 years experience working in small organisations wanting to get ISO certified, is that a lot of companies, especially smaller companies, struggle to get compliant with ISO27001, in that it takes them a long time to get all the nessecary documents/procedures written and then onto the certification audit due to either resource constraints or time constraints.
My idea is to, in effect, introduce "ISO in a box", which contains all the required (and relevant) documents plus a detailed description on how best to implement them, and offer it for sale as my main product, so an organisation can buy it, modify the policies and procedures to best fit their organisation and then go onto certification (with required evidence) and thus save them time in having to write everything from scratch.
As well as this, the ISO27001 standard has now changed from 2013 to 2022, with that it introduces a raft of new controls which have never been seen before. So my secondary idea was also to sell documents individually for those organisations who are transitioning from the 2013 to 2022 standard.
In short;
1. "ISO in a box" for organisations who are completely new and need a hand getting started
2. Individual documents for sale to help companies who are transitioning from the 2013 to 2022 standard.
I know there are other companies which sell documents directly, but I feel as though my unique aspect is that the documents I've written also come with detailed guides on best implementation rather than "This is what the control needs".
Apologies for the long post, I wanted to make sure I had everything in one post.
