Overview
Whether you're starting from scratch, getting ready for your first certification or upgrading a mature ISMS to the latest standard.
An ISMS that is effective in your organisation
With many years of information technology and information security experience, we can help you build a lightweight ISMS that understands your business model, ensures effective controls and works alongside the technologies you build and use.
Steps to ISO 27001:2022 certification
Gap Analysis and scoping
We conduct a comprehensive assessment of your current information security management system (ISMS) to identify gaps between your existing practices and ISO 27001 requirements.
This analysis covers key areas such as risk assessment, security policies, access control, incident management, and business continuity planning, tailored to the specific needs of SMEs.
ISMS Implementation
We can assist in developing and implementing an ISMS that aligns with ISO 27001 standards, focusing on practical and resource-efficient processes.
This includes co-creating necessary documentation, establishing security controls, and training your staff on new procedures.
Stage 1 Audit
An initial assessment by the certification body to review your ISMS documentation and evaluate your readiness for the full certification audit.
Stage 2 Audit (Certification)
A comprehensive audit to verify that your ISMS is fully operational and compliant with all ISO 27001 requirements.
Upon successful completion, your business will be recommended for ISO 27001 certification.
Continuous Improvement
We can provide ongoing support to maintain and improve your ISMS, ensuring continued compliance and effectiveness.
This includes regular internal audits, management reviews, and updates to address evolving security threats and business changes.
Internal Audit
We can help you set up an internal audit that suits your business, ensuring your ISMS is functioning effectively and in compliance with ISO 27001 requirements.
What we offer
ISO 27001:2022 Gap Analysis
A gap analysis is an in-depth method to understand where your business stands in relation to ISO 27001, and what you need to do to get to certification.
- RAG report
- Existing controls evaluated
- Actionable outcomes
- A basis for implementation
*Based on a typical SME, conducted remotely at one site over 3.5 days.
ISMS Implementation
If you're ready to implement your ISMS, we can help you build a system that works for your business, and is ready for certification.
What we can offer:
- Fully integrated ISMS
- Processes developed to gain and maintain certification
- Processes that match business scale and objectives
- End-to-end management, or
- Act as SME to support
- We can join your existing team, or bring our own
- Audit management
- Negotiable timescale
Why ISO 27001:2022?
Starting your ISO 27001 journey for a tender, or just looking to scale your business with a competitive advantage?
Either way, implementing ISO 27001:2022, the International Standard for Information Security Management, can bring a number of benefits to organisations, maturing and growing with the company as it scales.
Certification demonstrates your commitment to information security, and can be used as a competitive advantage when adopted early. By improving internal processes and structure, ISO 27001 encourages a culture of security awareness, leading to more resilient and successful companies and products.