ISO 27001

Whether you are looking to achieve ISO 27001 certification, or simply follow the standard to inform and shape your information risk management programme, the pathway to compliance and/or certification is not a straightforward one, and can require many months to achieve.

The process requires a significant degree of buy-in across the organisation and the commitment of internal resource - the extent of which can influence both outcome and timeframe.

One thing that can greatly reduce the burden of the entire process is the appointment of an experienced external consultant. Our team of consultants have delivered ISO 27001 certification projects across a number of planned phases and steps: a preliminary review of the readiness of the organisation; the collation of an asset register; a risk assessment; agreement of appropriate security controls; the development of policies and procedures to effect these controls; implementation and monitoring; formal document review; mitigation of non-conformities; and final assessment and certification.