Governance, Risk Management and Compliance
|
Information Security
|
ISO 27001
|
ISO 27001
FAQ
FAQ

Is there a legal requirement to comply with or be certified to ISO 27001?

There is, generally, no direct legal requirement as such.  Organisations choose whether or not to implement the requirements of ISO 27001 based upon the benefits that would be gained by doing so.  

However, you should pay close attention to any contractual obligations you may have for protecting the information of clients and other stakeholders.  

There is an increasing trend where customers require third party suppliers to implement or certify to ISO 27001, thus making it a legal requirement, by way of a contract.

Our partnership with URM has been outstanding. From supporting us with our own Cyber Essentials certification to assisting our customers with Cyber Essentials, ISO 27001, and virtual CISO services, URM consistently delivers exceptional service. Their expertise, open communication, and ability to allocate the right expert resources for specific requirements makes every project seamless. We highly value their support and look forward to continuing our collaboration.
Cyber security services and solutions provider
Contact the ISO 27001 Experts Today
Book FREE Consultation
URM is pleased to provide a FREE consultation on Transitioning to ISO 27001:2022 for any UK-based organisation.
Find out more
related BLog
Governance, Risk Management and Compliance
|
Information Security
|
ISO 27001

Information Risk Assessment and Treatment in ISO 27001

Published on
5 Jun
2025

URM’s blog explains how to conduct information security risk assessments and implement risk treatments that are both efficient and ISO 27001 conformant.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
29/5/2025
Implementing Technological Controls in ISO 27001

URM’s blog offers key guidance on how to effectively implement technological controls in your organisation, the common challenges & how these can be overcome.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
23/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Legal, Regulatory and Contractual)

URM’s blog explains the legal, regulatory & contractual controls in ISO 27001 & how they can be implemented in full conformance with the Standard.

Read more
Thumbnail of the Blog Illustration
Information Security
Published on
19/5/2025
ISO 27001:2022 - A.5 Organisational Controls (Information Security Management)

URM explains the 8 information security management controls included within the ‘Organisational controls’ theme and how to prepare for an audit of each control

Read more
"
URM were super helpful and knowledgeable, talking and walking me through each one of the tests and providing some useful information on security and how to improve things in the future.
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.