ISO 27001 Consulting
ISO 27001 Consulting Services from SHC will help you become compliant and certified more quickly. Compliance with external standards such as ISO 27001 is a top priority for many organisations.
It provides a solid framework to manage compliance with industry regulations and legislation. In some sectors, it is increasingly becoming a requirement and effectively a license to trade.
For other organisations it demonstrates assurance of information handling processes and risk management which can provide significant competitive advantage in the marketplace.
ISO 27001 Compliance
Becoming compliant with the ISO 27001 standard shows customers, auditors and other stakeholders that your organisation is serious about managing information security.
Whether you are using the standard as a guideline or working towards certification, our consultants can provide expert assistance in a number of ways: –
Gap Analysis
An ISO 27001 gap analysis from SHC will compare and document your current Information Security Management System (ISMS) with the requirements of the standard. We will carry out a detailed assessment of how you comply with the mandatory clauses of the standard by looking at all the relevant areas of your organisation and infrastructure.
It will also identify where there are adequate controls in place and where there are areas for improvement by reviewing what you have in place against the Annex A Control list from the ISO 27001 standard
Developing Policies and Procedures
Before carrying out an ISO 27001 implementation, it is common for organisations to have inadequate policy documentation and in some cases, no written policies at all. Where policy gaps are identified, we can help you speed up the process of creating policy documents. We can provide both template and bespoke documentation. Our aim is to help you produce policy documents that are practical and brief enough to be useable but robust enough to provide effective information security controls.
Risk Assessment
One of the most difficult and time-consuming elements of implementing ISO 27001 can be carrying out a security risk assessment. ISO 27001 is a risk based framework but it does not prescribe a specific risk assessment methodology. Choosing the correct risk assessment methodology for your organisation is an essential step toward effectively managing your security risks.
The risk assessment methodology should address size of the risks versus organisational risk appetite, apply a consistent asset-based or scenario-based approach. We take a pragmatic approach to assessing and documenting and prioritising the real risks to your business-critical information and help you to develop effective risk treatment plans.
INTERNAL AUDIT
Before you can qualify for an ISO 27001 certificate, you will need to implement an internal security audit program. You will also need to have carried out at least some of the audits from your schedule. Our consultants can help you get up to speed quickly by walking you through the security audit process.
Our internal audit service is also aimed at organisations who already have an internal audit program in place but need assistance with the audit workload or who feel they would benefit from a fresh pair of eyes from time to time
ISO 27001 Certification Preparation
We can provide expert assistance to guide you through the certification process to ensure you are fully prepared for the final certification audits with your UKAS accredited certification body. We can also attend the certification audits themselves, if you want the additional support, to ensure that the quality and effectiveness of your Information Security Management System is communicated to your external auditor, in terms that will be familiar to them.
Management review
Periodic management reviews are a cornerstone of an ISO 27001 based management system and you will need to have held at least one management review to gain certification. An experienced SHC consultant will guide you through the process and ensure effective review of internal and external audit results, security incident records and your updated risk assessments to help you ensure continual improvement of your security management system.