Having a 27001 certificate doesn't necessarily mean you are 'more secure' than a company who hasn't certified. It simply means you are managing information security risk to a level which is deemed sufficient by a certification body. Take this into consideration when you're completing supplier due diligence and the only question you ask is 'are you 27001 certified?' If you're not sure what questions you should ask as part of your supplier due diligence process, drop me a PM and I'll see if I can give you some pointers.
Indeed, and if the scope of ISO27001 is the reception area where the risk was mitigated by removing the computer, it won't help for various critical departments.
It always comes down to where the rubber meets the road. It's not what you say you will do on paper (just to get certified) but what you or the many different groups and teams in the business actually do every single day.