As the volume of cyber-attacks increases year on year, businesses are coming under increasing pressure to provide assurances to clients, customers and partners that they are equipped to protect their data.
Aligning or getting certified to an industry standard like ISO 27001 is an effective way in which this can be demonstrated.
ISO 27001 sets out the requirements for an Information Security Management System (ISMS) with the aim of helping businesses keep their information assets secure.
How can your business benefit from aligning or getting certified to ISO 27001?
- It can help in protecting your organisation from cyber security threats
- It can help to give you a commercial advantage over your competitors
- It can help to enhance the awareness of information security
- It can help you comply with contractual and regulatory requirements
- It can be used to satisfy many third-party due diligence questionnaires
If your business is considering aligning or getting certified to ISO 27001, Secora Consulting can assist you along the entire project journey.
Secora Consulting can assist you in all aspects of your ISO 27001 journey, from gap analysis through to certification. To achieve a successful ISO 27001 implementation, we recommend the following project approach, which we have broken into three core phases.
Phase 1 - ISO 27001 Gap Analysis
If your business is considering aligning or getting certified to ISO 27001, we will firstly conduct a gap analysis on your business.
Our ISO 27001 Gap Analysis will give you a true picture of your compliance gaps against ISO 27001, together with expert advice on where you are already compliant and which areas require improvement, providing you with an informed assessment of:
- Your compliance gaps against ISO 27001
- The proposed scope of your information security management system (ISMS)
- Your internal resource requirements; and
- The potential timeline to achieve certification readiness.
One of our experienced consultants will interview key stakeholders and conduct an in-depth review of your existing information security arrangements and documentation. They will then issue a report based on their findings. The report will highlight areas of positive compliance along with areas which require further improvement as well as recommendations based on their own experience for the overall ISO 27001 compliance project.
Phase 2 - ISO 27001 Implementation Support
Upon completion of the Gap Analysis, we will help you develop a project framework for implementation based on the findings of Phase 1. This framework will include a timeline based around your organisation's goals and your target date for achieving certification.
Once the project timelines are agreed, our consultants will work with you to develop and work through a list of actions to be completed at pre-agreed stages, so that you are in a position to achieve certification within your desired timeframe.
The actions set out by our experienced governance, risk and compliance consultants will cover all key phases of an Information Security Management System (ISMS) implementation project set out below:
- Setting up the project
  - Management framework
  - Project leadership
  - Interested parties
- Management system risk assessment
  - Risk assessment and treatment
  - Risk acceptance criteria
  - Legal, authority and contractual requirements
  - Assessment methodology and approach
  - The risk treatment plan
  - The Statement of Applicability
  - The residual risk report
- Selection of controls
  - Review and recommendations
- Competence and documentation
  - Competence framework
  - Communication plans
  - Staff awareness and training
  - Document management process
- Performance evaluation
  - Management review
- Preparation for certification
  - Review of certification readiness
  - Coaching of individuals likely to be involved in the audits
  - Help with selecting and appointing an accredited certification body
Phase 3 - Internal Audit
Our Internal Audit service is delivered by our experienced ISO 27001 consultants, who have detailed knowledge of auditing best practice and a wealth of practical experience in implementing and maintaining ISO 27001 compliant ISMSs for organisations of all sizes across numerous sectors, including financial services, government, utilities and SaaS.
Our internal audit will consist of:
- A detailed review of all relevant documentation.
- On-site physical security audit of premises (if required).
- Interviews with relevant staff and stakeholders within the organisation.
- A ‘walk-through’ of your ISMS to observe the implementation effectiveness within your organisation.
Upon completion of the internal audit, you will receive a detailed audit report which will highlight any non-conformities identified, and include remediation advice in order to remove these non-conformities. This should help your organisation effectively meet the Standard’s requirements ahead of your certification audit.
Knowledge Transfer - All Phases
As part of this project, our consultants will also transfer their knowledge and expertise in successfully implementing and maintaining an ISO 27001 compliant ISMS to your project team. This should ensure that your business can effectively manage its ISMS going forward and extend it to other parts of the business should you need to do so.
What to Expect
Phase 1 - Gap Analysis
Secora Consulting will provide a report detailing the validation of all existing information management and security controls, and identify any missing or incomplete areas that will require remediation prior to certification. These will be presented in a prioritised roadmap to help identify ‘quick wins’ and focus on making significant improvements to your overall security posture quickly and efficiently. We will also include our opinion on the remediation effort timelines and any areas where we can assist in the remediation efforts by providing specialist resources.
Phase 2 - Implementation Support
Secora Consulting’s consultants will provide you with expert guidance and advice throughout the implementation phase, ensuring that the project timeframe is maintained wherever possible. We will also give insight into how policies, procedures and controls can be effectively implemented to work with your organisation while maintaining compliance with ISO 27001.
Phase 3 - Internal Audit
Upon completion of the internal audit, you will receive a detailed audit report which will highlight any non-conformities identified, and include remediation advice in order to remove these non-conformities. This should help your organisation effectively meet the Standard’s requirements ahead of your certification audit.
Prepay Power partnered with Secora Consulting to help us with multiple cyber security projects ranging from framework and policy building to penetration testing. Secora Consulting takes time to understand each of our organisation’s specific requirements for every project we undertake together, and goes above and beyond our expectations in their advice and support throughout each engagement. We have found the whole team knowledgeable, approachable and easy to work with. We highly recommend Secora Consulting to anyone looking for an experienced and reputable cyber security partner for their business.
Secora Consulting are highly knowledgeable cyber security consultants and very easy to work with. The team took the time to understand the needs of Lifford Credit Union and went above and beyond in each step of the process. They happily shared their knowledge in this sector and were understanding of what we required and where potential issues could evolve.
On completing the project, Secora worked through their findings with us and presented a comprehensive and easy to read report that offered further insight into how we can improve our cyber security posture. We highly recommend the team at Secora Consulting to anyone in need of cyber security improvements or reviews within their organisation.
Lifford Credit Union