ISO 27001:2022

Why ISO 27001?

ISO 27001 certification is a crucial compliance framework designed to tackle the rising number of information security breaches. It covers a multitude of regulatory and compliance requirements associated with information security, and also addresses the considerable time and resources required to meet customer expectations.

Process offered

Project Planning

Following the execution of the agreement, the initial stage of the engagement is dedicated to planning.

  • Develop engagement plan
  • Identify key engagement stakeholders and domain-specific SPOCs
  • Meet with stakeholders to validate the engagement plan, understand objectives and set expectations

Current State Assessment

  • Review current policy, procedures, processes and templates in line with ISO 27001 standards
  • Perform gap analysis and risk assessment in accordance with ISO 27001 and standards

Design and Evaluate

  • Design a risk and context-based assessment framework for the organisation and perform a risk assessment for the organisation
  • Design policies and procedures based on the gaps identified in the current state assessment, as well as policies for the requirements of ISO 27001, based on scope
  • Identify and develop mitigating controls, and create a risk treatment plan and Statement of Applicability (SOA)
  • Identify the threats to critical information assets based on the risk and context-based assessment

Training and Awareness + Technical Assessment

  • Identify the key roles in the organisation as per the governance structure prior to the training
  • Identify training needs based on the key roles in the organisation
  • Conduct role-based training sessions for the organisation based on agreed requirements

Implementation assistance

  • Design a detailed implementation plan
  • Provide implementation support
  • Perform a pre-certification assessment
  • Provide a corrective action plan
  • Review post-implementation