In my experience, even when you have all these certificates, corporate IT will still want you to fill out their security questionnaire.
I would do Cyber Essentials, and then once you’ve done the work for that, Cyber Essentials plus should be straightforward.
Most large businesses' corporate IT departments realise that ISO certification is not something that small suppliers can do.
I do know of companies that have stopped at Cyber Essentials plus and had no problems.
One thing I have done previously is to create an IT security policy that is “aligned” with 27001. That can go a long way towards letting people know you take things seriously.
The standard is pretty readable and all the things it says to do are completely reasonable and things that you should be doing anyway (or at least have a policy around).
My email is in my profile and I’m happy to share my boilerplate security policy with you.