ISO 27001 aims to protect information in all its forms. We follow a 7-phase approach that starts with understanding your business, followed by defining information security objectives. Next comes risk assessment and gap analysis, which allows us to recommend and advise you on additional security controls. Our risk assessment is one of the most comprehensive available: it covers all forms of assets, spanning both technology and non-technology infrastructure and processes.
Each ISO 27001 consulting assignment results in a transfer of knowledge, documented processes, and a framework that stays with the organisation. We believe in making the ISMS simple, articulate, and easy to practise for all stakeholders, so that the organisation sees a return on its investment.
We have implemented ISO 27001 for 100+ organisations across almost all business domains, including Banking, Payment Card Processors, Telecom, Insurance, KPO, BPO, Manufacturing, and Cloud Services Providers, to name a few.
What makes us unique is our involvement in designing your implementation, securing your infrastructure, and reducing your risk. Other distinctive features include our project management, our control design framework (a 5-folder structure per team), our comprehensive documentation, our explanation of each individual control to the individual stakeholders responsible for it, our 3 categories of risk assessment reporting, our 4-dimension tracking, our method of reporting business transactions for security, and our commitment to zero-defect certification.
WHAT IS ISO 27001:2013?
The standard is divided into management system controls and annexure controls, also known as detail controls.
Management System Controls (Clauses 4 to 10)
Clause 1 – Scope
Clause 2 – Normative references
Clause 3 – Terms and definitions
Clause 4 – Context of the organisation
Clause 5 – Leadership
Clause 6 – Planning
Clause 7 – Support
Clause 8 – Operation
Clause 9 – Performance evaluation
Clause 10 – Improvement
Annexure Controls (14 domains, 35 control objectives and 114 detail controls)
A.5 Information security policies
A.6 Organization of information security
A.7 Human resource security
A.8 Asset management
A.9 Access control
A.10 Cryptography
A.11 Physical and environmental security
A.12 Operations security
A.13 Communications security
A.14 System acquisition, development and maintenance
A.15 Supplier relationships
A.16 Information security incident management
A.17 Information security aspects of business continuity management
A.18 Compliance
We bring our world-class experience in delivering ISO 27001 ISMS implementations that lead to successful certification.
Phase I – Understanding the business context and the ISMS context.
Phase II – Detailed risk assessment and gap analysis, including asset identification, risk assessment, and identification of existing controls. To meet the new ISO 31000 requirements, we provide three dimensions of risk management.
Phase III – Design. In this phase we help create a compliance framework for the organisation, in which every team in scope has its respective controls, policies/procedures, access control, business/security transactions and communication methods.
Phase IV – 4-Dimensional Tracking. We track your risks, your documentation, accountability for controls, and the completion of individual ISO 27001 controls.
Phase V – Performance Monitoring. We determine whether the documented controls are actually performing, using a 0–100% score.
Phase VI – Internal Audit, also referred to as an ISO 27001 audit or pre-assessment, is the process of verifying successful ISO 27001 implementation on the one hand, and the inclusion of security principles in the business lifecycle on the other.
Phase VII – ISO 27001 registration body certification. This has two stages:
Stage 1 – documentation, and
Stage 2 – implementation verification.
We support you in all of the above phases to build a comprehensive ISMS.