Choosing the correct scope for your ISO 27001 certification is a vital part of any programme. Our consultants will help you to correctly scope your certification, so that your new Information Security Management System will protect your most important corporate asset–information–from the issues identified by your threat and risk assessment.
A correctly scoped certification will provide tangible benefits to your business, such as improving process efficiency. Our consultants will take a pragmatic approach to scoping your certification, such that it will reduce the administrative burden on your business, whilst improving security.
Our experienced ISO 27001 consultants and auditors will conduct an on-site assessment to identify key areas of weakness within your Information Security Management System. At the end of the Gap Analysis, you will receive a report detailing your current strengths and weaknesses, complete with actionable points. This report will provide you with the information you need to fix any identified weaknesses.
As part of our Gap Analysis service, our consultants will create a defensible Statement of Applicability that will stand up to the scrutiny of your external auditors (BSI, Lloyds Register QA, etc.).
Implementation and Mock Audit
After we have scoped your certification, and completed a Gap Analysis, our consultants work with you to fix any issues identified–a process known as remediation. This remediation work puts your organisation in a position to achieve ISO/IEC 27001:2013. We can help you to implement process, procedure, and technical controls, and document them in a user-friendly manner.
Once your new Information Security Management System has been implemented, we are able to conduct a mock audit, led by our BSI-trained Lead Auditor, providing you with assurance of your system and team. A mock audit is a fantastic way to pre-empt any issue that could occur during your external audit.
External Audit Support
Audit day can be a daunting time for many businesses, and you may need somebody to hand-hold you through the process. During your external audit, we’ll put a consultant on-site, to support your team, and to liaise directly with your external auditor.
Our consultancy team has a good working relationship with many external auditors, at UKAS accrediting bodies, such as BSI and Lloyds Register QA.
Why Choose Us?
Our security team hold qualifications such as NCSC Certified Information Assurance Auditor, PCI Qualified Security Assessor, ISACA Certified Information Systems Auditor and Certified Information Security Manager, Certified Information Systems Security Professional, and ISO 27001 Lead Auditor and Implementer. They have implemented, and audited, security management systems across the globe for clients in the aerospace, defence, pharmaceutical, and wider business sectors.