Step 1: Project kick-off and assigning the project team
We will appoint our expert project leader to lead the project, with a support team that will gather all initial information about your business, its core processes and environment, and stakeholders' inputs. During this stage, we will assign project champions from your organization.
Step 2: Determine the ISMS Scope
We will understand your business, people, process and technology to define the scope of your Information Security Management System. The scope will be reviewed at a later stage to ensure suitability.
Step 3: Conduct a Gap Analysis
We will look for gaps in your existing system within the scope and provide a high-level overview of what needs to be done to achieve certification against the ISO 27001 standard requirements.
Step 4: Deliver ISMS Awareness Training
We will deliver ISO 27001 awareness training for your staff across the organization. The training will provide a general introduction to ISO 27001 requirements and basic information on cyber security.
Step 5: Conduct Risk Assessments
We will first identify your critical information assets and create an information asset register with inputs from the ISMS champions. Based on this, we will conduct risk assessments of your assets. The output at this stage will be your Risk Register.
Step 6: Develop Risk Treatment Plan
Our risk experts will prioritize the risks identified during the risk assessment phase, i.e. the threats and their impacts on your business. Risk treatment options include treatment, avoidance, transfer and retention.
Step 7: Create ISMS documentation and Roll-out for implementation
We will create ISMS documentation, including policies, procedures and SOPs, on your behalf and quality-control it for implementation. Inputs to this process will be the gap analysis and the knowledge gained from the ISMS champions. The approved procedures will be rolled out for implementation.
Step 8: Conduct Internal Audit & Management Review Meeting
We will conduct internal audits of your newly developed system to ensure controls are working as intended and to identify areas for further improvement. Our team of auditors will propose corrective actions to address any shortfalls.
Step 9: Support for External Audit – Stage 1 Review
Upon implementation of your new system and a full cycle of internal audits and management review, we will assist you in choosing your certification body. The certification body will conduct a Stage 1 review of your management system and ensure your readiness for the Stage 2 audit as planned.
Step 10: Support for External Audit – Stage 2 Certification Audit
We will help you get through the Stage 2 Certification audit and get certified to the ISO 27001 standard on the first attempt.