ISO 27001, is a testament that the company has created information security management system. It emphasizes that data security and protection is followed by the company. If you are a company with less that 20 ppl, I will suggest do it manually. If you are bigger company you might need a compliance tool. Ideally it take 12-14 weeks to get the certification. You can reach me for more details.