ISO 27001/27002 Consultant, ISO 27001 Implmentation Partner, ISO 27001 Consulting and Audit Firm, ISO 27001 Cyber Security Consultant

Overview

ISO 27001 is the world’s most popular information security standard for organizations to achieve and demonstrate ongoing security compliance.
ISO 27001 has 140 individual requirements each of which needs to be implemented to get certified. Implementation involves setting objectives, policies, procedures, risk assessment, technology deployment, audits and ongoing measurement program.
We have a well-defined implementation methodology that ensures the implementation and certification will reduce cyber security risks, and security in everything that a business does.
In Coral we have implemented ISO 27001 for companies across the world, covering almost all industry sectors.
For startups, and small and medium enterprises, ISO 27001 implementation can be achieved within 3-4 months. For larger organisation the time period can be determined generally post a gap analysis.
In Coral we help clients to get certified first and then if needed help them manage their ISMS program.

Kindly share your details for ISMS requirements

Name

Organisation

Phone

Please provide your additional request OR specific request (if any) : *

Security Code

WHAT IS ISO 27001: 2013?

The standard is divided into management system controls and annexure controls

Key Processes include the followings

Management System Controls (Clause 4 to 10)

Clause 4. Organisational Context
Clause 5 - Leadership
Clause 6 - Planning
Clause 7 - Support
Clause 8 - Operation
Clause 9 - Performance Evaluation
Clause 10 - Improvement

Annexure Controls (14 domains 35 control objectives and 114 detail controls)

A.5 Security Policies
A.6 Organization of Information Security
A.7 Human Resource Security
A.8 Asset Management
A.9 Access Control
A.10 Cryptography
A.11 Physical & Environmental Security
A.12 Operations Security
A.13 Communications Security
A.14 System Acquisition, Development & Maintenance
A.15 Supplier Relationships
A.16 Information Security Incident Management
A.17 Information Security Aspects of Business Continuity Management
A.18 Compliance

Our Approach to Successful ISMS - ISO 27001 Implementation

We bring our world-class experience in delivery ISMS ISO 27001 implementation leading to successful certification.

PHASE I - Understanding Business and Security Objectives

Understanding the business context and ISMS context.

PHASE II - Gap Analysis and Risk Assessment

Detail risk assessment/gap analysis that includes asset identification, risk assessment, and existing control identification. As a result of new ISO 31000 requirement, we provide three dimensions of risk management.

PHASE III - Design and Documentation

Design - In this phase we help create a framework of compliance for the organisation, in which every team in the scope has their respective controls, policies/procedures, access control, business/security transactions and communication methods.

PHASE IV - Tracking

4 Dimensional Tracking - We track your risks, we track your documentation, we track accountability of controls, and completion of individual ISO 27001 controls.

PHASE V - Control Measurement

Performance Monitoring - We determine whether the controls that are documented are performing using a 0-100% score.

PHASE VI - Internal Audit

Internal Audit involves verifying the effectiveness of the implemented controls through interviews and checking of all applicable controls.

PHASE VII - External Certification Support

ISO 27001 Registration body certification. This has is two stages:
1 - documentation, and
2 - implementation verification.

We support you in all the above phases to build a comprehensive ISMS.

Training

We provide bespoke training, listed below are our offerings.

Shorter Sessions from 1 hour to 4 hours
Interpretation of the ISO 27001 requirements
1 Day Awareness Session
2 Days Internal Audit Course
3 Days Implementation Course covering 10+ hands on exercises