ISO 27001 was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.
To achieve ISO 27001 certification, a company must be able to demonstrate to an auditor that all the relevant organisational, technical and physical controls have been defined, and must produce a Statement of Applicability (SOA) showing how these controls have been implemented proportionately.
Helping companies achieve ISO 27001 certification
Our Lead Auditors have a wealth of experience helping companies achieve the ISO 27001 standard. Though we are not a Certification Body ourselves, we can help prepare your company for certification and work with a number of Certification Bodies to help make the experience as seamless as possible.
Our initial engagement is often to conduct a “Gap Analysis” to show how far the company is away from implementing the required controls and give realistic expectations on the cost required to fill the gaps.
We can then navigate you through the requirements, including:
- Defining the security policy.
- Defining the scope of the ISMS.
- Conducting a risk assessment.
- Managing identified risks.
- Selecting control objectives and controls to be implemented.
- Preparing a statement of applicability.
All the way through to implementation, review and Certification!
Our Documentation Toolkit
There are several documents (including a security manual, policies and procedures) that must be written to demonstrate sufficient governance. Producing them can be a daunting experience, so Indelible Data have compiled a series of templates covering the entire ISMS to help you on your journey.
The templates correspond to every control within the ISMS – as can be seen in the template Statement of Applicability.
Our documentation toolkit can be found in our shop.
If you require assistance implementing the Toolkit, please get in touch!
More information about the standard can be found at ISO.org