ISO 27001 Services
ISO 27001:2013 Certification
ISO/IEC 27001:2013 is the international standard for an information security management system (ISMS). An ISMS embeds security into an organisation through the Plan-Do-Check-Act life cycle, with ongoing reviews and assessments ensuring that issues and risks are continually identified and addressed.
Certifying to ISO 27001 helps demonstrate that you have mature, risk-led information security practices in place with executive support and engagement. For this reason, ISO 27001 certification is increasingly the standard expected by larger organisations from businesses in their supply chain. It can also help show credibility when bidding for business and assist you in meeting specific regulatory obligations.
We can help you prepare for and certify to ISO 27001 and manage your ISMS thereafter on an ongoing basis.
A one-day workshop, during which we’ll talk you through the requirements of ISO 27001 in detail and discuss the options available to your organisation if you choose to certify.
We’ll discuss the context of your organisation, interested parties, potential scope (including multi-site certification options where applicable) and walk through the requirements of the standard and Annex A as compared to your existing information security practices and controls.
A gap analysis assessment typically delivered over 3 or 5 days during which we assess your readiness for certification audit, collect information on the context of your organisation, review the potential scope of coverage with you, consider existing policies, controls and records and provide a report setting out findings and recommendations.
We assess you against all requirements of the standard and your controls against Annex A. After providing you with our report we also attend a debrief meeting with you during which we’ll discuss our findings and potential next steps.
Onsite or remote consultancy to provide you with the expertise or resources needed to help plan and implement your ISMS and complete your first round of internal audits and management review before your certification audits. We can lead your project, handle discrete work packages or contribute as an adviser, depending on your requirements and internal expertise.
Our ISO 27001 consultancy can be delivered on a day rate or outcome basis or as part of a subscription service, delivered over 12 months.
Our consultants can help you set up and implement your internal audit programme, or carry it out on your behalf.
We can also help you to identify a suitable Certification Body and be on-hand during your Stage 2 certification audit.
A certified ISMS requires ongoing review and management, within the Plan-Do-Check-Act life cycle. Internal audits, risk assessments, management reviews, addressing corrective actions and undergoing annual surveillance audits and re-certification audits every three years can be resource intensive.
We can manage your ISMS for you, as a virtual member of your team after certification, as part of a subscription service delivered over 12 months.
ISO 27001 gap analysis and recommendations for a financial services organisation
ISO 27001 implementation project for a marketing data analytics SaaS software provider
ISO 27001 advice for an NHS Hospital to meet the DCB1596 secure email standard
ISO 27001 workshop and recommendations for a video game development studio