As the volume of cyber-attacks are increasing year on year, businesses are coming under increasing pressure to provide assurances to clients, customers and partners to demonstrate that they are equipped to protect their data.

Aligning or getting certified to an industry standard like ISO 27001 is an effective way in which this can be demonstrated.

ISO 27001 sets out the requirements for an Information Security Management System (ISMS) with the aim of helping businesses keep their information assets secure.

How can your business benefit from aligning or getting certified to ISO 27001?

• It can help in protecting your organisation from cyber security threats
• It can help to give you a commercial advantage over your competitors
• It can help to enhance the awareness of information security
• It can help you comply with contractual and regulatory requirements
• It can be used to satisfy many third-party due diligence questionnaires

If your business is considering aligning or getting certified to ISO 27001, Secora Consulting can assist you along the entire project journey.

 

Download our ISO 27001 data sheet to learn more about our services

Our Approach

Secora Consulting can assist you in all aspects of your ISO 27001 journey from gap analysis through certification. In order to achieve a successful ISO 27001 implementation we recommend the following project which we have broken into three core phases.

Phase 1 - ISO 27001 Gap Analysis

If your business is considering aligning or getting certified to ISO 27001, we will firstly conduct a gap analysis on your business.

Our ISO 27001 Gap Analysis will provide you with a true picture of your compliance gaps against ISO 27001 and provide you with expert advice on your current areas of compliance and highlight which areas require improvement, providing you with an informed assessment of:

• Your compliance gaps against ISO 27001
• The proposed scope of your information security management system (ISMS)
• Your internal resource requirements; and
• The potential timeline to achieve certification readiness.

One of our experienced consultants will interview key stakeholders and conduct an in-depth review of your existing information security arrangements and documentation. They will then issue a report based on their findings. The report will highlight areas of positive compliance along with areas which require further improvement as well as recommendations based on their own experience for the overall ISO 27001 compliance project.

Phase 2 - ISO 27001 Implementation Support

Upon completion of the Gap Analysis, we will help you develop a project framework for implementation based on the findings of Phase 1. This framework will include a timeline which will be based around your organisation's goals and desire as to when you would like to achieve certification.

Once the project timelines are agreed our consultants will work with you to develop and work through a list of actions which need to be completed at pre-agreed stages in order to be in a position to achieve certification within your desired timeframe.

The actions set out by our experienced governance, risk and compliance consultants will cover all key phases of an Information Security Management System (ISMS) implementation project set out below:

Phase 3 - Internal Audit

Our Internal Audit service is delivered by our experienced ISO 27001 consultants who have detailed knowledge of best auditing practices and a wealth of practical experience of implementing and maintaining ISO 27001 compliant ISMS for organisations of all sizes across numerous sectors from financial, government, utilities and SaaS.

Our internal audit will consist of:

• A detailed review of all relevant documentation.
• On-site physical security audit of premises (if required).
• Interview with relevant staff and stakeholders within the organisation.
• A ‘walk-through’ of your ISMS to observe the implementation effectiveness within your organisation.

Upon completion of the internal audit, you will receive a detailed audit report which will highlight any non-conformities identified, and include remediation advice in order to remove these non-conformities. This should help your organisation effectively meet the Standard’s requirements ahead of your certification audit.

Knowledge Transfer - All Phases

As part of this project our consultants will also transfer their knowledge and expertise of how to successfully implement and maintain an ISO 27001 compliant ISMS to your project team. This should make certain that your business can effectively manage their ISMS going forward and transfer it to other elements of the business should you be required to do so.

What to Expect

Phase 1 - Gap Analysis

Secora Consulting will provide a report detailing the validation of all existing information management and security controls, and identify any missing on incomplete areas that will require remediation prior to certification. These will be provided in a prioritised roadmap to help identify ‘quick wins’ and focus on making significant improvements to their overall security posture quickly and efficiently. We will also include our opinion on the remediation effort timelines and any areas where we can assist in the remediation efforts by providing specialist resources.

Phase 2 - Implementation Support

Secora Consulting’s consultants will provide you with expert guidance and advice throughout the implementation phase ensuring the project timeframe is maintained at all times where possible. We will also give insight on how policies, procedures and controls can be effectively implemented to work with your organisation while maintaining compliance with ISO 27001.

Phase 3 - Internal Audit

Upon completion of the internal audit, you will receive a detailed audit report which will highlight any nonconformities identified, and include remediation advice in order to remove these nonconformities. This should help your organisation effectively meet the Standard’s requirements ahead of your certification audit.

Testimonials