Three key tips to secure your ISO 27001 certification

Cybersecurity has climbed to the top of the agenda in many organisations. More and more are turning to ISO 27001 for answers — and seeking formal certification.

Publication date: 12/9/25
Jacob Høedt Larsen
PR & PA

Jacob Høedt Larsen, PR & PA at Wired Relations, is the host of the Sustainable Compliance podcast and an expert in software-supported GRC workflows, building a GRC programme, leading a GRC team and securing management buy-in.


To explore how to approach the process in the best possible way — and achieve both stronger security and the certification — we sat down with two experienced auditors: Lars Christensen and Mikkel Lundstrøm from Monthe Certificering.

Here are their three key tips:

Let strategy lead the way

When a company approaches Monthe Certificering, there are usually three main reasons they want to become certified.

Some face pressure from customers demanding stronger information security. Others must comply with regulatory requirements — for example from NIS2, DORA or CER legislation. And then there are those whose leadership teams strategically view cyber and information security as a core priority.

According to Mikkel Lundstrøm, the process works best when the motivation is strategic. As he puts it:

“If it’s purely about ticking off a few controls and you push the responsibility down the organisation just to get it done, you’ll end up with a less effective system.”


Leadership support is essential

Leadership backing is absolutely crucial for success. That’s the clear experience from Monthe Certificering.

As Lars Christensen explains:

“There’s no doubt that when it’s anchored at leadership level — when it’s a strategic decision and they lead from the front — the chances of success with your management system are much higher.”

Leadership involvement has become increasingly important. As Christensen adds:

“In the past, top management could keep a comfortable distance — but that no longer works. They must now be actively involved.”

Get information security out of the binders

A strategic mindset and leadership support are a strong start — but information security must also live and breathe in the organisation, not just sit in dusty binders.

As Mikkel Lundstrøm puts it:

“In the old days you had metre-long shelves filled with binders of documents. Now it’s about making things less bureaucratic. If you work in a compliance department, you don’t always understand what’s happening on the shop floor. You need to involve the people doing the actual work. The more operational it is — and the fewer binders — the better.”
