ISO27001 Consulting Services
ISO27001 is an information security management system (ISMS) that organisations can use to manage appropriate controls to protect the confidentiality, integrity and availability of their information assets.
Having implemented, managed and maintained an ISMS compliant with the requirements of ISO27001 for a number of years within different organisations, we can advise on all aspects of implementing, managing and maintaining an ISMS and provide expert assistance to organisations that want either to achieve certification or simply to use the framework to manage their own information security programmes.
If organisations wish to achieve certification, we can help them from the initial phases of scoping and designing the ISMS right through the Stage 1 and Stage 2 audits of the certification process, and also help them maintain certification.
ISMS Consulting Services that we can provide include:
- Scoping your ISMS and aligning this with the objectives of your organisation
- Policy design and implementation to fit the needs of your organisation
- Implementation of a suitable risk assessment process - see our Risk Assessment section for more details
- Advice on the information security controls that you can apply
- Integration with other ISO management standards or other information security standards, for example PCI DSS
- Integration with Privacy Management Systems
- Practical assistance with guiding your organisation towards audits
- Setting up a system to record non-compliance and implement continual improvement as part of your internal audit processes
- How you would perform due diligence processes with your suppliers
- Helping you implement incident management and information security continuity management
- Testing aspects of your ISMS
- Information Security Awareness Workshops
- Extending the scope of your ISMS
We are now offering gap analysis and consultancy for transitioning your ISMS to the new 2022 version!