ISO 27001

What do we do to implement the requirements under ISO 27001 in your organization?

We provide full end-to-end maintenance and assistance, performing all operational activities so that companies can obtain certification under ISO 27001:2013. The fully managed certification process is useful for companies that aim to improve their security but do not want to recruit teams to start internal projects.

How do we do it?

Using our methodology for assessment, planning, provision of procedures and improvement, we can integrate information and physical security in an effective manner in each organization.

Our certified consultants have considerable experience with ISO 27001 standards, as leading auditors, contractors and integrators. This ensures that we meet the requirements of our clients and can provide support with added value, using our industry insight, knowledge and expertise to meet certification requirements.

What is our approach?

1. Assessment of gaps and definition of scope
Initial certification begins with our ISO 27001 consultants developing an in-depth understanding of your organization's position, assessing the current condition of information security in your organization in relation to ISO 27001, and determining the scope of certification under ISO 27001.

2. Risk assessment
The register of information assets is developed so as to reduce asset duplication, promote greater efficiency and discover all potential risks. Risk assessment activities are used to identify and assess all possible security threats and system vulnerabilities, before identifying the organization's risk appetite in order to plan risk-reduction or treatment activities.

3. Preliminary audit assessment
The consulting team of ‘IS Consult Service’ Ltd conducts an internal audit in compliance with ISO 27001 and develops a report on corrective actions. We conclude by confirming the organization's readiness for external ISO 27001 certification.

4. Developing the ISMS framework
Then our ISO 27001 consultants develop policies and procedures for implementing an ISMS (Information Security Management System). This includes defining the management structure for the organization's ISMS and developing the processes needed to support its implementation, including policies, procedures and indicators for assessing the implementation of the ISMS.

5. Certification under ISO 27001
If necessary, our consultants and experts on ISO 27001 can identify and choose an external certification body, coordinate with a certification auditor, and support the certification audit by submitting all necessary documents and evidence to the auditor. We can also provide full maintenance for ISMS (Information Security Management System) performance management.

Which areas of ISO 27001 do we cover?

IS Consult Service Ltd covers all areas of ISO 27001, listed below:

  • Company Information Security Policies
  • Organization of Information Security
  • Human Resource Security
  • Asset Management
  • Access Control
  • Cryptography
  • Physical and environmental security
  • Operation Security
  • Telecommunication security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

Consulting services under ISO 27001 include a full assessment of the current condition, risk assessment, development of the ISMS framework, maintenance of training and integration, validation of performance through internal audit, and support of the organization for certification under ISO 27001.

Be responsible

ISO 27001 is a set of best practices and appropriate implementation would ensure tangible and intangible benefits. An organization should not be audit oriented. Aiming for zero non-compliance is like saying, ‘I’m not open to suggestions/improvements’. Non-compliance doesn’t necessarily imply something bad for the organization. External auditors (for certification or internal audits) have a lot of industry experience and hence, audits also help in identifying areas for improvements.

Having a proper document and record control guideline and following it in spirit helps during an ISO 27001 audit. An organization’s objective to acquire the certification also puts a lot of things into perspective. Quick certification to attract business often dilutes the effectiveness of the implementation. It also indicates whether the standard is implemented adequately in relation to established controls.

IS Consult Service Ltd can conduct external audits under ISO 27001:2013 on your behalf, and necessarily with your participation. If one of your barriers is simply a lack of knowledge of auditing techniques or of how to audit specialist areas according to ISO 27001, we can support you in developing a complete external audit strategy. We can participate as your trusted consultant in meetings with external auditors and represent you, if necessary. If necessary, we can manage your complete external audit of ISO 27001, and we will be pleased to have the opportunity to discuss your requirements with you.

Do you need help?