• As an ISO 27001 consulting service provider, we advise our clients in ISMS – ISO 27001 certification through a 6-phase implementation approach that includes understanding client business, setting security policy objectives, gap analysis, detail risk assessment, policy documentation, risk remediation support, end user training, monitoring, measurement, and audit, thereby leading to successful ISO 27001 certification.
  • With 20 years of ISMS practice, our methodology has been successfully implemented in business of all sizes and sectors, across the globe. Whether you are a startup in AI-ML-Data Science, SAAS, PAAS, IAAS provider, product developer or customer, or brick and mortar local or global business, we have implemented ISMS in fairly all industry sectors.
  • Security is everyone’s responsibility. We consider our methodology as most comprehensive as we involve every client key stakeholder in our ISO 27001 implementation journey. We ensure ‘security by design’ principles as part of your business DNA.
  • How fast can Coral get us ISO 27001 certified? As fast as you want to be! We follow an agile philosophy where phases of the project can run in parallel, resulting in achieving ISO 27001 certification faster.
  • Contact us today to get started

Kindly share your details for ISMS requirements

Information  Security Management System
ISMS – ISO 27001 Consulting Engagement Phases

Here is a brief overview of al the phases involves in implementing ISMS-ISO 27001 certification.

PHASE I - Understanding Business and Security Objectives

  • Every client is unique with its business model, customers and business objectives.
  • The ISMS-ISO 27001 implementation journey starts with this phase where we determine and document the clients’ business requirements for Information Security management system (ISMS) – ISO 27001 context.
  • This is where ISMS context, internal and external requirements, and scope are determined and documented.

PHASE II - Gap Analysis and Risk Assessment

  • As the name suggests, this phase is aimed at determining the current controls in place, which helps determine the ‘missing controls’.
  • In addition this phase involves determining information and its lifecycle, with its assets that store, process and/or transmit the information.
  • How comprehensive is the risk assessment? We perform a 3-phase risk assessment that involves information assets, security controls and policy objectives, thereby giving clients an unparalleled view of their security risks.
  • With more and more organizations choosing a combination of on prem and cloud, this phase has become a key focus area.
  • Gap Analysis phase is a key phase in designing control responsibility to stakeholders.
  • This is where identified gaps, applicable controls (Statement of Applicability), with their references to stakeholders and policy/procedure requirements are determined, and documented.

PHASE III - Design, Documentation and Risk Monitoring

  • Design involves control allocation responsibility to organisation stakeholders.
  • Documentation involves drafting 25+ policies and procedures
  • The phase involves brainstorming and training staff to align them with documented controls and policies.
  • Risks identified in the gap analysis are tracked towards closure.

PHASE IV - Control Measurement

  • Measurement involves testing the control effectiveness and giving a 0-100% score.
  • We have a structured methodology using which we score controls based on an interplay of business transactions with ISO 27001 controls, and present this to the management using a formal report.

PHASE V - Internal Audit and Management Review

  • Internal audit started with preparation of ISO 27001 checklist and selecting client staff as auditee, latter responsible for the controls.
  • Internal Audit involves verifying the effectiveness of the implemented lifecycle controls through interviews with physical and system verification of applicable controls, as it applies to the organisation control design.
  • A formal report is published for management committee.
  • We facilitate reviews with the management to ensure that the initial ISO 27001 policy objectives and goals are achieved.

PHASE VI - External Certification Support

Chosen external certification body audit performs ISO 27001 certification in two phases:

  • Stage 1 – Documentation Review, and
  • Stage 2 - Implementation Verification

With the two phases completed, the certification body issues an IS 27001 certificate.
Finally, upon receiving their ISO 27001 certificates, the clients are officially iso 27001 certified


Seek a one to one session with our Principal Consultant, who will answer your questions to get started.

Questions? Please contact us.

We provide bespoke training, listed below are our offerings.

  • Shorter Sessions from 1 hour to 4 hours
  • Interpretation of the ISO 27001 requirements
  • 1 Day Awareness Session
  • 2 Days Internal Audit Course
  • 3 Days Implementation Course covering 10+ hands on exercises

Upon receiving your request, we will provide you further details.

Documentation Toolkit

ISO 27001 requires documentation of policies, procedures and records. As a result of several consulting assignments, we have some of the best content available that covers all the requirements.

Our documentation has the following salient features:

  • Alignment with all ISO 27001-documentation requirements
  • Our experiences turned into documentation templates
  • Project Tracking tools to support the implementation
  • Q & A support

Upon receiving your request, we will provide you further details.

Internal Audit

An independent assessment helps to assess the state of compliance. Our internal audit methodology includes people, process, technology and measurements to assure and provide management the degree of ISO 27001 compliance. Typically 3-5 days is required to perform a comprehensive internal audit.

Upon receiving your request, we will provide you further details.

Annual Risk Assessment

Risk Assessment is a mandatory requirement for achieving and maintaining ISO 27001. We have one of the most comprehensive risk assessments that comprises asset, controls and security policy objective wise risk assessment. Let us know if you are interested.

Upon receiving your request, we will provide you further details.

Program Management

Our consulting methodology experience has helped us to understand – what it takes to design and maintain a successful ISO 27001 compliance. ISO 27001 Program managemen removes the compliance responsibility to an external team, whereas the management focuses on customer/business delivery.

We currently manage program management for customers who has one location to another set of customers who have more than 8 locations worldwide

Upon receiving your request, we will provide you further details.

Information Security ‘measurement’ System

We have a successful framework for measurement of ISMS. The measurements checks ISMS objectives, as well as control wise objectives to provide you a scoring method applied. The measurements help the organisation provide a performance analysis and take actions proactively.

Upon receiving your request, we will provide you further details.

Call or write to us at :
for proposal / roadmap / information