BH Consulting can help you with ISO 27001, from assessing your information security against the standard to helping you achieve certification to it. As a company certified to the standard ourselves, we fully understand what is required to achieve and maintain certification. We are proud to say that we maintain a 100% success rate with all clients who have engaged us to help them achieve certification against the standard. For more information please contact us.
We offer the following services to clients interested in the ISO 27001 information security standard:
In order to determine the effort required for your organisation to achieve certification to the standard, it is first necessary to establish the current status of your ISMS. BH Consulting can conduct a gap analysis of your current ISMS against the requirements of the ISO 27001 Information Security Standard. BH Consulting does this by interviewing key personnel in your company using BH Consulting's methodology, which is based on a questionnaire centred on the controls specified in the ISO 27001 Information Security Standard. The questionnaire is used to identify which areas offer opportunities for improvement on the way to certification against the standard. Ideally, representatives from the management team and staff members familiar with the day-to-day running of the ISMS should be interviewed.
At the end of this phase a report will be produced outlining any sections of your ISMS that do not align with the ISO 27001 Information Security Standard, together with steps to address the gaps identified.
One of the key cornerstones of alignment with the ISO 27001 Information Security Standard is the completion of a comprehensive risk assessment process. The risk assessment process determines the level of risk acceptable to the organisation and identifies risks that exceed it. Appropriate controls, whether human, process or technical, can then be selected to manage those risks.
This workshop will entail:
The outcome of the risk assessment workshop will be comprehensive documentation and tools that enable you to maintain your own risk management and risk assessment programmes.
BH Consulting can assist you in aligning your Information Security Management System (ISMS) with the ISO 27001 Information Security Standard. The following outlines how BH Consulting has assisted other clients wishing to implement the ISO 27001 Information Security Standard.
- The Statement of Applicability
This describes which controls of the standard (Annex A) the organisation has determined to be relevant and applicable to the ISMS.
- Organisation Overview
A brief description of the organisation's activities/services and, where available, flow diagram(s) describing those activities/services.
- Information Security Policy
A copy of the organisation's information security manual, or selected information security related policies or procedures, depending upon how these have been documented in the organisation.
- Business Continuity Management
A copy of the organisation's business continuity strategy and/or business continuity plans for ensuring the continuity of essential services/activities in the event of major incidents.
- Internal Audit Reports
Copies of any ISMS internal audit reports conducted to date, and a copy of the internal audit schedule.
- Document Control Procedure
A description as to how documents within the scope of the ISMS will be controlled and maintained.
- Corrective and Preventative Action Procedures
This defines how the organisation will identify any weaknesses within the ISMS and how to address those weaknesses.
- Internal Audit Procedure
A document outlining how internal audits of the ISMS will be conducted, by whom, and how frequently.
- Risk Assessment
A description of the risk assessment methodology used by the organisation in its assessment of information security risks.
- Risk Assessment Report
A copy of the information security risk assessment report, including the identification of any 'unacceptable' risks.
- Risk Treatment Plans
A copy of the 'Risk Treatment Plan(s)' identifying the controls selected to mitigate the risks recorded in the risk assessment report.
To achieve certification to the ISO 27001 Information Security Standard it is essential that you can demonstrate the standard is being rigorously applied to your ISMS.
This will entail:
- Ensuring all policies and procedures are properly documented and up to date.
- Ensuring all staff are aware of the relevant processes and procedures.
- Ensuring staff are assigned information security roles and understand what those roles entail.
- Maintaining audit logs and other evidence to demonstrate that policies, processes and procedures are being adhered to.
For this part of the project BH Consulting can:
- Implement the ISMS;
- Project manage the implementation of the ISMS;
- Provide consulting or advisory services during the review; or
- Conduct an audit at the end of the implementation to confirm that the ISMS has been implemented in accordance with the ISO 27001 Information Security Standard.
A requirement for maintaining certification to ISO 27001 is that an internal audit function regularly audits the ISMS, or sections of it, to ensure that it continues to operate within the requirements of the standard. BH Consulting can provide this service, with the audit schedule agreed to suit your requirements.
We offer a range of training courses and solutions on ISO 27001. See our training page for more details.