4Practical Tips & Hints PhoenixPro Why do it? Is it worth it? How technical is the external certification audit?Is it “all or nothing”?I am compliant, how do I justify certification?Why not do it on our own?Type of resources needed?Key Areas to WatchISO27001 is not shelf warePolicies means €€€€s!!!All “Assessments” need to be fairDR / BCP a particular challengeOutsourcing is allowed WITH SLAsProcurement. Contracts. Technology. Projects.