- Identification of external and internal information security requirements
- Interview of key people
- Analysis of existing information security management practices and documentation
- ISMS ISO/IEC27001 GAP analysis
- Information security risk assessment
- Design of the ISMS and information security architecture
- Change management of the project
- Drafting information security policies, procedures, standards, instructions and record forms as required adapted to your organisation
- Guidance on ISMS and information security architecture implementation
- Information security awareness training and testing
- Performing ISMS internal audit
- Coordinating ISMS management review
- Coordinating ISMS certification audit
- Participation during the ISMS certification audit
- Successful ISMS certification guaranteed
- ISMS implementation project management
What We Offer
List of identified external and internal information security requirements
ISMS ISO/IEC27001 GAP analysis report
Information security risk assessment report
ISMS and information security architecture blueprint
Drafts of required information security policies, procedures, standards, instructions and record forms
Information security awareness training and testing
ISMS internal audit report
ISMS management review report
How It Works
Typically, a project consists of these 6 stages:
1. Initiation. A project team is formed, the context is defined.
2. Analysis. During this stage existing controls are identified, current documentation and risks are assessed, gap analysis performed.
3. Design. BCMS and business resilience architecture is designed.
4. Implementation. Business continuity policies, procedures and standards are drafted and BCMS record forms are defined.
5. Review. An internal audit and management review is performed.
6. Certification (optional).
We base our service on these internationally recognised standards and methods:
- ISO/IEC27000 family of standards
- ISO20000-1 standard
- ISO 9001
- ISACA standards
- ISSA standards
- ISF standards
- Offensive security standards
- and others