ISO 9001-certified SMEs in Ireland are being urged by Amtivo to build on existing quality management standards by adopting ISO 27001.
Irish businesses saw a 74% increase in cyber attacks in 2024, with small and mid-sized organisations increasingly affected (Hiscox Cyber Readiness Report 2024). A single breach can result in data loss, reputational harm, and major operational disruption. High-profile cyber incidents involving Marks & Spencer and Co-op have highlighted the scale and impact of such attacks, regardless of business size or sector.
ISO 27001 is an internationally recognised standard for Information Security Management Systems. It outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system through risk assessment, control measures, and monitoring and improvement. It also supports organisations in demonstrating their commitment to information security to customers, partners, and regulatory stakeholders.
The National Cyber Security Centre reported a 20% rise in serious cyber security incidents across Ireland in 2024 (RTÉ News, Aug 2024), and the National Standards Authority of Ireland continues to promote ISO 27001 as a standard for helping build processes to strengthen cyber resilience (NSAI).
For businesses already certified to ISO 9001, implementing ISO 27001 can be more structured, as foundational management system practices are already in place. The two standards share many core elements, including internal audits, risk-based thinking, document control, and leadership involvement in continual improvement.
ISO 9001 is a globally recognised standard for Quality Management Systems. While it focuses on consistent quality, process control, and continual improvement, it does not specifically address information security risks. For SMEs already certified to ISO 9001, ISO 27001 offers a structured approach to managing information security risks, helping organisations improve cyber resilience and develop focused processes to protect data and respond effectively to potential threats.
“ISO 9001:2015 certified businesses have demonstrated a strong compliance structure is in place and are therefore working to a recognised management system standard,” said Caroline O’Sullivan, Managing Auditor at Amtivo.
“Adapting ISO 9001:2015 to meet the requirements of ISO 27001:2022 is a natural progression for any business, given the rigorous processes and procedures already in place. In effect, a business certified in both standards is demonstrating its commitment to the security of information it uses, its obligations to safeguarding sensitive data while defending against ever-increasing cyber threats, in a manner that also exceeds the quality expectations of its customers.
Given the evolving nature of a digital age, this approach can only strengthen the value proposition of any business in the eyes of its prospective customers.”
Evcoms, a Dublin-based communications consultancy, recently added to its ISO 9001 and ISO 14001 certifications by achieving ISO 27001 with Amtivo.
“We were surprised by how much of the groundwork was already done thanks to ISO 9001,” said Mark Evans, CEO at evcoms. “ISO 27001 gave us the extra assurance and structure we needed to assess risks for our business, our systems, and our clients.”
To help Irish SMEs take the next step, Amtivo is offering a free downloadable guide: ISO 9001 vs ISO 27001: Key Requirements.