ISO27001 Information Security Management System
Market Advantage
The ISO27001 certification is a visible brand credential of your organization’s commitment to protecting critical and sensitive information. With data breaches becoming frequent, customers need business partners to step up their defenses to safeguard valuable data. An independent certification body of your choice will assess and validate that your practices and processes are robust enough to meet data security principles.
Is It For Me?
The ISO27001 is suitable for any size of business, regardless of industry. In a nutshell, any business will have processes that allow it to collect, store, use, handle, transfer, process, and archive valuable data. Valuable data are commercially sensitive information, confidential know-how, and personal data. If your business fits this description, ISO27001 applies to your business.
How Much Time?
From ground zero, it typically requires about 6 months from project kick-off to attaining certification. Why 6 months? 3 months is for management system development work and another 3 months for implementation. Certification bodies require at least 3 months of implementation data. You can compress the time if you develop and implement concurrently. For businesses upgrading their certification to the latest standard, completion time is about 3 months or less.
You may also need to consider other time dependencies such as staff learning curve, hardware, or software (if applicable) implementation.
How We Can Help
We can assist you in achieving certification from start to completion. Our consultancy program is modularized and flexible. The highlights of each module are described below. You have the option to choose all the modules or pick only the module you need help with.
General Training Module
Awareness training gives your team members an overview of the management standard. The learning objective is to understand how the management standard applies to your business context.
Internal auditing and auditor training is a critical requirement in the management standard. An annual audit of the implemented management system is required. The internal audit training module is suited for your team of auditors. The learning objective is to understand the methodology of conducting an internal audit, from planning to reporting audit findings.
Technical Training Module
Did we have an episode of a data breach? Is there potential for cyberattacks to happen? These are typical questions that start the discussion of promoting cyber defenses and data hygiene in the workplace. Being able to identify and assess information security risks is essential in ISO27001. The learning objective is to understand and identify the types of information assets and security risks present at your workplace. You will also learn about the evaluation methodology used to determine whether these risks have the potential to weaken your cyber defenses.
Some technical knowledge is required to meet essential elements of the standard. Rest assured that there are no complex concepts to grasp or complicated calculations needed.
Risk Inventory Module
Risk management is the cornerstone of the management standard. To a layman, understanding and identifying risk is a complex task. We can help you in this regard by taking over this task. Our risk assessment methodology is aligned with industry codes of practice and is acceptable for certification.
Here is what we will do:
Identify possible information security risks and vulnerabilities.
Identify critical information assets.
Evaluate the impacts or consequences of each identified risk.
Create a data inventory register highlighting risks and impacts.
Recommend solutions to mitigate significant risks.
Policy and Procedure Module
Writing down your policies and procedures ensures continuity of practice. We can assist you in formulating your standard operating procedures (SOP). We conduct peer reviews of your SOPs for suitability and practicality in meeting the standard. We will also guide you during the implementation of your SOPs for fulfilling certification requirements.
Pre-Certification Assessment Module
At the end of the implementation period, we will assess your readiness for the actual certification exercise. We will report and highlight areas for closure and improvements to be made before fixing a date with your appointed certification body.
Post-Certification Module
Our service does not end when your organization is certified. Maintaining the certified system through annual internal audits is mandatory over the three years of certification. If you are short on human resources or skillset, we provide contract internal audit services to help you maintain your certification.