ISO 27001 Certification: The Commercial Impact

This blog describes the impact on sales and what you can expect if your business is heading down the route of ISO 27001 certification. Drawing on experience from five different B2B software businesses, it is a first-hand account of the difference ISO 27001 certification makes to sales. If you are a sales leader in software, listen closely.

The Market Landscape

The undeniable fact is that the landscape and importance of information security are changing. It is no longer just an afterthought and a nice-to-have tick in the box. More and more organisations are only dealing with suppliers that are ISO 27001 certified. This includes all of their supply chain, not just their technology suppliers. In 2006 there were fewer than 6,000 organisations globally that were ISO 27001 certified; in 2019 there were more than 36,000.

The risks of non-compliance are well documented. With the introduction of steeper and steeper fines and the damage caused by press coverage, it is no wonder that business owners still see ISO 27001 as a means of preventing the risk of data breaches and fines from becoming reality. There is far less publicity and awareness of how ISO 27001 certification is a catalyst for growth, opening doors to new markets and customers that you hadn’t even thought about.

The Commercial Impact

If you are not ISO 27001 certified as a tech business, you are losing leads every day. Customers putting together a shortlist are looking for this on your website before they even contact you. If your competition has it, you are not competing on a level playing field and you probably don’t even know it. It is regularly becoming a knockout criterion in tenders, and so many vendors still don’t have it.

The need is spreading by sector and spreading fast. This is not just public sector or financial services but insurance, membership organisations, retail, travel… the list is endless.

I worked for a SaaS organisation in 2017. I received a call from a prospect who is part of the biggest group in their sector in the world. The prospect was just about to complete a tender that my company hadn’t been invited to. They had ended up with a shortlist of 3 of the competition that were not ISO 27001 certified, and so at the 11th hour had gone looking for one that was. They became a customer in 2018 and are still a customer today.


ISO 27001 accreditation puts the USP of information security in the hands of your sales staff and not your IT department. Rather than have your prospect’s IT team poring through the detail of 100s of security process questions, often just saying you are ISO 27001 certified is enough to keep them satisfied. Your sales team can focus on selling the benefits of being secure and compliant.

Being in sales means you want and need to take the credit for sales you bring in, but in all honesty, ISO 27001 was the best salesman I ever had.