ISMS Implementation & ISO/IEC 27001 Rollout | ISMS Matters

ISMS Implementation

End to End Assistance

ISO/IEC 27001 Implementation and Rollout

As well as using the ISO/IEC 27001 Standard for Information Security Management Systems (ISMS) as a baseline for carrying out information assurance assessments, we can also provide consultancy around implementation of an ISMS within an organisation.

 

We can provide end-to-end assistance at every stage of ISMS development and implementation.

ISMS implementation

Specific areas of knowledge

Although each business – and therefore implementation – is different, this service could involve helping with:

 

  • ISMS scoping, setup and design
  • Asset identification
  • Risk assessments
  • Preparation of risk treatment plans
  • Production of a Statement of Applicability (SoA) and other documentation for certification
  • Awareness training
  • Performance and Measurement

 

Alternatively, we can deliver individual aspects of the above (or of the ISO 27000 family of standards), typically through workshops for skills transfer.

Inception to certification

It is important to note that we can take a business or organisation all the way from inception to the point of certification. At that point, a UKAS-accredited (registered) certification body (e.g. BSI, CI, KPMG) will carry out a Stage 1 certification audit.

 

Our consultants have taken over forty clients through to certification with no major non-conformities.

 

We hold certifications for ISO/IEC 27001 and our consultants have passed the following courses:

 

  • ISO/IEC 27001 Lead Auditor; ISO audit competencies (BSI)
  • ISO/IEC 27001 Lead Implementer; ISO implementation competencies (BSI)
  • XISEC Risk Management
  • Internal Audit

A full service

The Standard is completely risk-based and requires that detailed risk assessments are carried out, using a documented risk methodology that aligns with ISO/IEC 27005 and ISO/IEC 31000.

 

If the client does not have their own risk assessment methodology, we can provide ours as a starting point and, if required, take them through the risk assessment process using workshops.

Please contact us now for a free quote on your upcoming requirements or project…