Finding an office in line with ISO 27001 information security management system

ISO 27001 Information Security Management System

ISO 27001 information security management system is built like any other ISO standard, it is structured around the same 10 clauses as other standards. These clauses follow the same high level structure that all other ISO management systems follow, and as a result, these standards all share similar principles.

However, ISO 27001 information security management system goes into further detail about different controls an organisation should implement so as to have an enhanced information security environment and perform the necessary risk management to mitigate any information security risks. There are a total of 93 such controls and are all gathered in what is known as Annex A.

When a company is looking at offices to rent in order to work in, if this company handles sensitive data, such as gaming companies, financial institutions and data warehouses, such entities need to rent a place that is highly suitable from an information security perspective.

  • One of the things that must be covered is access control. Access control talks about how easy it is for a person to gain physical access to the offices. If for instance, Company XYZ is renting an office space in a shared building with other companies, what is the access of other occupants within the building to the space being rented out to Company XYZ? Is there a secure door for every office within the building? Or is there a shared open plan that all occupants can use to freely go from one office to the other?
  • An additional detail which must not be overlooked is the manner of gaining access to the offices – is Company XYZ generating its own key cards for access? Or is there a physical key which a person can use to gain entry to the offices?

    And what about the landlord? The landlord might ask to have the right to freely visit the offices at any given time, however, if Company XYZ deals with sensitive information, it is crucial to have clauses in the signed agreement which state that under no circumstance, can a third party member have free and unsupervised access to the offices. With such a clause in place, the landlord would need to get permission and supervision to access the offices of Company XYZ, as long as the company is renting these offices
  • An additional point to keep in mind with regard to ISO 27001 information security management system when renting an office as a company is to understand the infrastructure, the wiring and the server rooms. It is crucial to know who has access to all these. Is there a CCTV to record server rooms? Is there a fire suppression system in place to protect these rooms? Is the server room well-ventilated and kept at a cool temperature? These precautions must not be overlooked. There might be a case where there is a single server room for all companies who share the building. If someone from another company enters the server room where your server is located, will they automatically have unrestricted access to your server? Or will your server have additional layers of security to restrict access?
  • Equipment maintenance is the next thing to look out for. One of the requirements of ISO certification for ISO 27001 information security management system is to have a maintenance plan on all equipment being used within the organisation which is related to the preservation of information. For most companies, such a maintenance plan generally includes software updates and equipment updates of all owned equipment within the offices.

    However, certain equipment, such as fire extinguishers, fire suppression systems and shared air conditioners, are owned and maintained by the landlord. In that case, it is important that in the rental agreement, you should check with the landlord that this is indeed the case to put your mind at ease.
  • And what about disaster recovery? Remember that disaster recovery is the organisation’s ability to get back on track after a disaster strikes. It is focused solely on getting the IT infrastructure back in shape. If Company XYZ will be renting a space with shared offices, it is important to consider the safety measures and precautions that are taken for emergency situations. What will happen if the power goes out? Will the power generator kick in? and are there fire drills carried out, and if so how often are they done?


Whether you’re after ISO Certification, internal audits, or results-oriented consultancy, Luke has the plan for you. Reach out to him and start your journey today.
ISO Consultant in Malta


Luke has a plan for you whether you want ISO certification, internal audits, or results-oriented consulting. Contact him immediately to begin your adventure.

This is only just a snapshot of what you need to look out for in terms of information security when renting out an office space. Remember, the place is as important as the organisation’s structure. Ensure that the building ticks off these points and any other additional points you want to add with respect to ISO 27001 information security management system.

If you are looking for someone who can help you get ISO certified for ISO 27001 information security management system, then you’re in luck as Luke Desira will be more than happy to help you start the journey towards achieving ISO certification.

Look at what other ISO standards might be suitable for your industry and learn about the training and consultancy that Luke offers for business organisations such as yours.

If you are in the market for an office space suitable for your business needs, look no further than OfficeSpace.

Want to discover more implementing ISO 27001 information security management system?

As an ISO management system consultant Luke Desira will make it his personal mission to put your company on a class above all others!

If you are on the hunt on information on how to get certified, have a look at this guide on how to get ISO certified with Luke Desira, and find out about the 10 pitfalls that you may encounter when implementing ISO in your organisation. Make sure to reach out to him to discover whether there are any funding opportunities o help you get certified for ISO 27001 Information Security Management System.

Don’t forget to follow us on our Facebook and LinkedIn profiles, and subscribe to our Youtube Channel for more great content.

Book a Free 15 minute discovery call

Select a date and time to schedule a free 15 minute discovery call with Luke Desira.

Message Luke through an email


Give Luke a call

+356 7920 6686

Related Articles

fundamental audit concepts
ISO 27001

Fundamental audit concepts and principles for ISO 27001

In this blog, we will be going over the fundamental audit concepts and principles for ISO 27001. Dive in and learn these concepts! The 4 standards that relate to auditing are: Naturally, ISO 27001 is different from the above in the sense that companies from all industries can comply with its requirements and get their

Read More »
Information Security Management System
ISO 27001

What is an Information Security Management System (ISMS)?

A management system is a set of processes to achieve certain objectives. The scope of the management system can relate to one site or more multiple sites of the organization – and it can cover all or some of the processes of the company. Now an information security management system, or in short an ISMS,

Read More »
how to implement ISO 27001
ISO 27001

How to Implement ISO 27001 in your organisation

Are you a listener or are you a reader? In any case, we have got you covered. Dive into the details of how to implement ISO 27001 in your organisation, you can read all about it or listen to what Luke Desira has to say. Hi, I am Luke Desira and in this video, I

Read More »
Scroll to Top