The pandemic has brought about unexpected results, among them an accelerated pace of digitization driven by social distancing requirements and working from home as the default mode. These sudden, albeit evolutionary, changes force organizations to rethink how they handle sensitive data and manage cyber security. After all, more people spending more time on the internet means more risk exposure. ISO 27001 details the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).
Demonstrates that the organization has identified the risks, assessed the implications and put in place systemised controls to limit any damage to the organization, thereby improving customer and business partner confidence
Synergies with ISO 22301 business continuity management system for a more robust BCM
Increased business resilience
Compliance with commercial, contractual and legal responsibilities
Scoping – Determine the scope of the ISMS, which involves identifying the business units, processes, locations, etc. that will eventually be audited and certified.
Planning – Identify key IT assets and conduct gap analysis and risk assessments to determine the scope of applicability.
Fieldwork – Involve stakeholders in planning the design and implementation processes, using project management tools such as Agile or Gantt charts. Design and establish the relevant documented information. Plan and conduct ISO 27001 related training for staff if required.
Trial & Experimental – Allow processes to run and resolve any issues that crop up after implementation. Monitor whether the controls are working.
Pre-certification – Conduct internal checks such as IT performance review, internal audits and management review.
Getting certified – Engage a certification body to conduct an independent audit.
How can we help you?
Contact us for the following. We can assist you in your ISO 27001 journey even if you are only looking at alignment without certification. We will help you with:
System gap analysis
Consultancy for design & development of controls
ISO 27001 requirements and internal audit training