
A Guide to ISO 27001 for Property Developers


For organisations operating in the property, proptech, and surveying sector, complying with professional governance requirements like the Royal Institute of Chartered Surveyors (RICS) Code of Conduct and privacy legislation such as GDPR can be crucial to success.

Companies within this sector tend to hold sensitive data, including resident information, as well as information relating to health, safety, and sustainability regulations. This information needs to be protected as effectively as possible to avoid cyber-attacks and potential data breaches.

Failing to prevent or appropriately respond to security incidents like data breaches can cause severe reputational damage. On the other hand, building an information security management system (ISMS) and achieving certifications like ISO 27001 for property developers can be a key differentiator between your business and your closest competitor in a tender.

In this article, we explain the importance of ISO 27001 for estate agents and property developers.

What is ISO 27001?

ISO 27001 is a globally recognised standard and best practice for information security. The standard is a framework enabling your organisation to establish, implement, operate, monitor, review, maintain, and continually improve an ISMS.

An ISMS, when aligned with ISO 27001 standards, systematically ensures the confidentiality, integrity, and availability of data and information assets. Successful ISO 27001 certification proves to your current and potential customers that your organisation is efficiently managing the security and confidentiality of the information you hold. 

As well as the reputational benefits of ISO 27001 for property developers, certification also ensures that your business is more resilient to cyber-attacks and decreases the risk of costly data breaches – reducing the potential cost and damage if a breach is successful. It also helps you comply with other industry-wide pieces of legislation, such as GDPR.

How does ISO 27001 certification help the property sector comply with the RICS Rules of Conduct?

In line with the latest RICS Rules of Conduct released in 2021, ISO 27001 for estate agents and property developers can help your business comply with several requirements.

  • 1.9 Members and firms protect confidential information and only use or disclose it for the purposes for which it was provided, where they have the necessary consent to do so or where required or permitted by law.
  • 3.5 Members and firms undertake their work in a timely manner, with due care, skill, and diligence, and following RICS technical standards. 
  • 3.12 Members and firms check that all data used is accurate and up to date, is kept securely, and that they have proper legal rights to use it and, where required, share it. 

Compliance with ISO 27001 for property developers and estate agents helps address all the above requirements. Data protection is a key topic, and to protect data successfully, businesses need to know:

  • The data they have,
  • The risks that exist,
  • What they can do to mitigate that risk,
  • How to help their staff and clients with the right processes.

Is ISO 27001 right for your property organisation?

Is your organisation completing important information security tasks using Word, Excel, and document storage files that aren’t linked up or automatically aligned?

Are your policies and procedures at risk of going out of date or not being reviewed by relevant (or all) staff?

Are you struggling to log your information assets and the risks associated with them, or are you unable to easily collect evidence?

Building an ISMS that aligns with ISO 27001 for property developers could be the solution.

How can my business comply with ISO 27001 for property developers?

At Hicomply, we break down the ISO 27001 certification process into six steps, as outlined below.

Step 1: Scope your ISMS

First, define the scope of your ISMS to ensure it’s appropriate for your property organisation.

Your ISMS scope should account for:

  • Company size
  • Complexity
  • Legal and regulatory requirements
  • Any external and internal issues

Step 2: Create your asset register

The purpose of your asset register is to record and manage your assets. These assets include elements such as your organisation’s hardware, software, information, and infrastructure.

Step 3: Carry out risk assessments and treat identified risks

Risk assessment and treatment ensure that you understand how risks could impact your organisation and have a plan in place to mitigate these risks.

Step 4: Apply policies and procedures

Next, document your policies and the processes that protect your data. The number of policies required for ISO 27001 certification varies depending on the size of your business, your industry, and the regulations or laws you must comply with.

Step 5: Generate your statement of applicability (SoA)

To create your SoA, you should include each clause, control ID, evidence of your decision to include or exclude each control in the scope of your ISMS, the process owner, and any further information such as risks mitigated. 

Step 6: Carry out your internal audit

The internal audit is key to ensuring your business’s ISMS meets the requirements of the ISO 27001 standard, and it will put you in the best position for success when it comes to bringing in an external auditor. Discover how prepared your organisation is with our ISO 27001 internal audit checklist.

Once you’ve completed your internal audit and addressed any issues raised, you’re ready to ace your external audit and achieve certification.

Learn more about the six steps to ISO 27001 certification.

How long does the ISO 27001 for property developers certification process take?

The traditional route to ISO 27001 certification, involving hundreds of spreadsheets and documents for evidence, often takes businesses up to a year to prepare for an external audit and certification. Businesses using Hicomply can be audit-ready in two to three months using our ISMS scoping tool, automated asset register, task management tool, policy and procedure library, and third-party integrations.

Comply with ISO 27001 for property developers and estate agents

Team Hicomply has helped hundreds of companies on the journey to comply with ISO 27001 for property developers and estate agents, and we work with many organisations in the sector.

Discover the cost of ISO 27001 or book a demo to find out more about how your organisation can achieve ISO 27001 compliance as you work!