A premium assessment and certification service to all management system standards
BSI BenchMark is an alternative means of assessment that audits your compliance with your chosen management system standard (e.g. ISO 9001 Quality) and independently evaluates, scores and validates your organization’s performance.
This premium service allows you to set your own criteria and targets, in addition to your management system requirements, to help ensure that you really are meeting key business objectives and unlocking your company’s true potential.
Who is it relevant to?
BSI BenchMark is suitable for any business that wants to achieve more from its current certification, would like to measure and tailor its assessment to its business objectives and have the ability to internally and externally benchmark its performance.
Which management systems can be used with this premium benchmark service?
This type of assessment can potentially incorporate any of our existing and future management systems standards, including:
We can also incorporate one or more of the above standards and include your own requirements to ensure we are giving you an assessment that is tailored to your organization’s needs and objectives.
BSI BenchMark is much more in-depth than a conventional assessment. With a conventional assessment there are no pre-arranged questions: Client Managers work from the clauses of a particular standard, and there is no scoring available, only observations and non-compliances.
However, BSI BenchMark can be integrated with your existing management systems and your own requirements to give you an assessment that is tailored to exactly match your needs. Questions are used to review the maturity of your management system and following the review you are given a score that indicates where your organization’s main strengths and weaknesses are. This will allow your management to allocate resources and plan future improvements.
Certifying your ISMS against ISO/IEC 27001 can bring the following benefits to your organization:
- Demonstrates the independent assurance of your internal controls and meets corporate governance and business continuity requirements
- Independently demonstrates that applicable laws and regulations are observed
- Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is paramount
- Independently verifies that your organizational risks are properly identified, assessed and managed, while formalizing information security processes, procedures and documentation
- Proves your senior management’s commitment to the security of its information
- The regular assessment process helps you to continually monitor your performance and improve
Note: these benefits are not realized by organizations who simply comply with ISO/IEC 27001 or the recommendations in the Code of Practice standard, ISO/IEC 17799.
We are experts in training as well as assessment and have a network of public and in-house courses dedicated to teaching you the skills you need before, during and after registration to the standard.
From a one-day introductory course, to implementation training or lead auditor courses, our network of public and in-house training can help you at every stage of the process. Our experience of how organizations of all types and sizes relate to the standard is unequalled - and we can deliver the training you need for understanding, implementing, assessing and certifying your information security management system.
We offer a comprehensive programme of training courses covering every aspect of ISO/IEC 27001 for:
Delegates who are new to ISO/IEC 27001 and information security management systems
- Courses in awareness, understanding and implementing a new system
Delegates who need to audit and improve an existing system
- Courses in auditing, assessing and improving an existing system
Next steps
For further information about specific training on this subject, please call us on
(+44) (0)845 086 9000 or enter your details in our enquiry form.
If you’re already one of our clients and have various standards in place, your Client Manager can help you assess where you are now, and guide you through to the certification process.
If you’re new to BSI, don’t worry, it’s still a simple process.
1. Choose the standard
Before you can begin preparing for your application, you’ll require a copy of the standard. You should read this and make yourself familiar with it.
2. Make contact
Get in touch and tell us what you need, so we can sort out the best services for you. We’ll then give you a proposal detailing the cost and time involved in a formal assessment.
3. Meet your assessment team
We’ll assign you a Client Manager, who will be your main point of contact through the process – and beyond. They’ll have an excellent understanding of your business area and will support you as you move forward to the assessment and registration of your information security management system.
4. Consider training
Whether you’re seeking to implement a management system or would like to increase your general awareness of the standard, there is a range of workshops, seminars and training courses available. Read more about training.
5. Review and assessment
We can do a desktop review of your existing information security management system against the standard, and identify any omissions or weaknesses that need resolving before formal assessment. Once these have been addressed, we’ll conduct a full on-site assessment.
6. Certification and beyond
Once the assessment has been successfully completed, we’ll issue a certificate of registration, clearly explaining the scope of your certification. The certificate is valid for three years, and your assessor will visit you regularly to help you make sure you remain compliant, and support you in the continual improvement of your systems.
Next steps
For further information or a "quick quote" please call us on (+44) (0)845 080 9000. Alternatively enter your details into our enquiry form and one of our advisors will contact you.