ISO 27001 defines a detailed process for developing the ISMS, beginning with scoping out the system's inclusions (e.g., information assets), identifying the risks that those assets face, determining how to treat those risks, implementing applicable security controls, auditing those controls, and finally applying feedback into the system to ensure continual improvement. Once the system is implemented, we provide assistance during the certification audit processes.
We map out the scope of your ISMS, identify risks that need to be treated and determine the security controls to treat them
We prepare relevant security policies and processes for your organisation, and security controls are implemented.
We establish the internal audit function that's required of ISO 27001, and perform your initial audit.
We develop systems to implement improvements on a continual basis, such as any findings from the internal audit.