ISO 27001 Consultancy
About
ISO 27001 is an internationally recognised standard for information security management systems. Any organisation that wishes to meet this standard must be independently and regularly audited to maintain its accreditation.

As a result of this scrutiny, ISO 27001 is often seen as the gold standard for requirements when implementing an information security management system (ISMS).

An ISMS provides a framework for managing information security within an organisation. The ISMS is supported by a range of resources such as people, training, policies, procedures and controls. Once embedded within an organisation, the ISMS must be maintained and forms part of your day-to-day activities.

In achieving accreditation, your organisation demonstrates its ability to follow information security best practice.
How could your organisation benefit?
- Demonstrate a commitment to information security, which can enhance your reputation and trustworthiness in the eyes of customers and peers.
- Reduce the complexity and effort required to meet tender and supplier assurance compliance requirements.
- Accreditation could provide commercial opportunities with clients and industry sectors that require a recognised level of security certification, such as financial services and the public sector.
- Reduce information security and business risk.
- Improve your capability for responding to security incidents, business interruption and threats.
- Embed a culture of continuous improvement within your organisation.
- Gain a better understanding of your processes and their associated risks.
- Gain a competitive edge by demonstrating that your operations and processes operate securely.
How can we help?
Planning and implementing ISO 27001 is often seen as complex and time consuming. To be effective, any ISMS must become embedded within your day-to-day operations and processes. It is this cultural and business change that is often underestimated.

So how can we help?

- Initial assessment / gap analysis: Our consultants will evaluate your current security posture and readiness. We can also provide you with a pathway towards achieving certification.
- Implementation: Our team can provide the tools, documentation and expertise needed to fast-track your organisation towards certification.

Working flexibly, in either a consultative or an implementation role, allows us to work with a range of organisations regardless of size, expertise or resources.
We can help with all stages of planning and implementation, including:

- Establishing the context your organisation works within and its interested parties.
- Setting the scope and boundaries of your management system and ensuring its validity.
- Undertaking and documenting risk assessments.
- Creating your statement of applicability and justifying any exclusions.
- Implementation of controls: We can help with the selection and implementation of tools that will meet the requirements of the ISO 27002 Annex A, for example policies, procedures and technical solutions.
- Internal auditing: To ensure your ISMS is ready for external audit and certification.
- Policies and procedures: We are able to create policies, procedures and other supporting documentation, tailoring them to meet the requirements of your organisation.
- Training: ISO 27001 is a standard that organisations must live with day to day once it is embedded. We can provide the training and knowledge that will enable key staff to prepare, implement and sustain the management system in the long term.