ISO27001
Implementation
ISO27001 is the Information Security Standard, and we know that many of our clients who regularly deal with personal information are asked whether they have it, or are sometimes told by their own clients to obtain it.
ISO27001 certification is evidence that your organisation is meeting an international standard with regard to the security of business information. It can add credibility to your business processes and organisations which handle lots of business or personal information can benefit from certification.
How we help
We know that going for ISO27001 certification may feel daunting, as there are lots of different aspects to the certification. The key elements for certification are the statement of applicability, policies and procedures (which should reflect your working practices), risk management, internal audit and then evidence of managing the information system.
We offer a full range of services including:
ISO27001 Implementation Comprehensive Support
When you are ready to start your journey to ISO27001 certification, we can help you with our implementation service.
We have a range of services to suit your budget, including the complete implementation service where we do everything for you: write your policies, provide advice on the process, complete your risk management process, complete and cross-reference your Statement of Applicability and provide training to staff.
Our comprehensive service provides everything you need to be able to obtain ISO27001 certification and we will even provide a coaching day prior to the certification process so that you are fully prepared for the certification visit. This saves you staff time and creates an information security system that fits your organisation.
If time is tight then this may well be the best way for you to achieve ISO27001 quickly.
Lesley Cooley has proved to be an invaluable asset to our company in the ISO27001 process. Her knowledge and ability to understand the needs of the business were paramount to us achieving certification. She was there throughout the whole process to provide guidance and support and certainly helped to engage and energise all of our staff throughout the process.
RP – London
ISO27001 Policies
Good policies are part of a robust Information Security Management System but writing them for your organisation to make sure that they meet the requirements of the ISO27001 certification process can be daunting when you are trying to achieve certification. You could buy a pack of sample documents but there are a lot of policies within these and they will still need tailoring to your organisation.
We will write your policies to meet the requirements of ISO27001 while reflecting what is happening within your organisation. We try to keep the number of policies which we create to a minimum, as it is easier to communicate and regularly review fewer policies. Why create an ISMS which is more complicated than it needs to be?
Risk Management
One of the key elements of a successful Information Security Management System is the ability to manage the risks of the organisation. Frequently businesses manage risk without thinking about it, and without documenting the thought and decision process. Part of the certification process for ISO27001 requires a formal risk management process to be in place.
As a qualified risk manager, Lesley knows how to get the discussion underway about the risks faced by the organisation and how best to document and evaluate those risks.
CONTACT US
ask@audit-and-risk.co.uk