This sought after certification is now becoming almost mandatory for many organisations that have an online focus and are managing customer data.
ISO 27001 is the international standard for information security and involves the development and management of an Information Security Management System (ISMS).
Our team have a track record of successful implementations and updates to the standard (e.g. the update to the 2022 version).
We have the necessary skills, experience and an ISO 27001 toolkit. This enables us to fast track your implementation.
Note – We also set up an ISO 27001 management environment within Microsoft Teams.
We have years of experience in implementing ISO 27001. Our customer base is broad and covers many different types and sizes of organisations.
We start the process by undertaking a detailed gap analysis of the organisation and its approach to controlled security measures.
The assessment is done aligned to the control requirements of the ISO 27001 standard.
Once the gaps are reviewed and documented, the next step is to apply the required controls.
This is documented in a ‘statement of applicability’ which defines how the standard is going to apply to your organisation.
Note – this is one of the major documents in the ISO 27001 standard.
At this point, we have understood the gaps in compliance and we have documented and agreed the controls we need to implement.
The next step is to develop a suitable plan for control implementation, the required change management and target operating model changes that will be needed.
ISO 27001 requires there to be strong and effective governance in place around information security in general, but specifically relating to the Information Security Management System (ISMS).
We will establish a security working group e.g. Information Security Working Group (ISWG) and our lead implementer would chair the meetings for the duration of the implementation.
We would then adopt our ISO 27001 toolkit of documentation to fast track this key stage of the implementation.
Documentation would need to be fully aligned with the desired working practices and involves significant effort to review and refine as required.
Apart from documentation, the standard requires a significant change to many IT operational processes and procedures.
The lead implementer is heavily involved at this stage in managing that change within the organisation.
After a few months, the organisation is ready for its internal audit. This is undertaken as if it were a certification audit and requires a total review of the implementation.
The audit findings are then produced and a report is issued with all observations and any non-conformities.
Once the internal audit has been completed successfully, the organisation is then ready for its external certification audit, which is undertaken by an authorised third-party.
We are on hand to support our clients during this phase of the implementation including being in attendance during the actual certification audit itself.
We typically base our implementation schedule over a six to eight month period. While some organisations may offer shorter timelines, our experience shows that this duration is generally required for effective delivery.
We offer flexible monthly payment terms for your implementation. You can spread the total fee across six monthly payments.
Having an ISO 27001 certification has many potential benefits.
Being certified in the international standard for information security will have commercial benefits. These are likely to be realised through meeting due-diligence requirements from potential customers and scoring higher in competitive tendering scenarios.
It’s very easy to enrol on one of our online or classroom based training courses.
Simply fill out the contact form and we will be in touch to find out your exact requirements e.g. number of licenses, desired date and preferred location (if classroom based).
