Information Security is a growing concern for many organisations; with more security and data breaches being reported, data is big business. Organisations are increasingly requested by regulators, clients, employees, legislative and enforcement bodies, prospective customers and stakeholders to demonstrate how they effectively control Information Security. If the organisation fails to demonstrate effective controls, this may lead to being excluded from tenders, and could result in regulatory fines and reputational damage. Organisations are therefore implementing an Information Security Management System (ISMS) in line with ISO 27001.
There is no ‘typical’ or ‘one size fits all’ ISMS; our consultants have developed a flexible but detailed approach that will help you achieve certification. We have varied experience of working with companies of all sizes and we will work with you in implementing an ISO 27001 accredited ISMS to fit your organisation. This ensures that you can successfully achieve your compliance goals on time and on budget.
ISO 27001 can be daunting, but our consultants will be on hand to guide you through the steps, which include:
- Creation and development of the main ISO 27001 Clause 4-10 documentation
- Support, development and guidance on an information security risk assessment
- The creation of all appropriate Annex A control documentation and completing the Statement of Applicability (SOA)
- Advice and guidance on the implementation of the required Annex A controls
- Facilitation of a Management Review
- Conducting an internal audit
- Supporting you through the third-party accredited certification body audits.
We develop a good working relationship with our clients during the initial implementation stage and are therefore considered ‘part of the team’. We are often viewed as the subject matter experts and will support you through both the continual improvement process and developing maturity in your controls. We will also facilitate the mandatory Internal Audits and continue to support the management review and certification audits.