We help companies and organizations prepare for ISO/IEC 27001:2013 Certifications. Our certification preparation services help organizations build and implement effective Information Security Management System (ISMS) using provisions of ISO/IEC 27001:2013 framework.
Our years of experience in getting clients of all size and complexities successfully certified across the country and across various industries, gives us the insight necessary to understand the specific requirements of the standard and how each control or clause should be implemented to satisfy the needs of the standard and thereby of the auditors of the registrar certifying body (RCB) leading to certification.
Our Certification Preparation service framework is presented in the following info-graphics:
We help define scope of ISO/IEC 27001 (ISMS) implementation: When a company or organization decides to implement ISMS, they first need to define its scope. Simply put, it is important to identify and decide what information the company intends to protect. It is required for ISO 27001 Certification under Clause 4.3
Once the scope is defined, we help to create all ISMS policies.
We identify all assets that need to be covered under the defined scope of ISMS. The assets should include: Databases, Applications, Systems, People, Process, Technology and Physical Locations.
Risk Assessment & Treatment Plan:
We build a robust risk assessment and risk treatment plan. The plan should include building a risk register along with: Assets, Threats, Vulnerabilities, Impact, Likely-hood, Controls Necessary, Residual Risk and Risk Acceptance Criteria.
Once risk treatment plan is drawn, we conduct a Gap Analysis to identify gaps between security-controls required by the standard and security-controls already applied within the ISMS scope. Gap Analysis report leads to a security improvement plan.
We work with your IT/security and management teams to get the required controls (per the Gap Report) implemented to the specifications of the standard.
Training & Awareness:
We help your team build the organization-wide security training and awareness program.
Stage 1 & Stage 2 Audits:
We prepare you for the external Certification Audit and provide continuous support as required.