ISO 27001 certification is a crucial compliance framework designed to tackle the rising number of information security breaches. It addresses the many regulatory and compliance requirements associated with information security, as well as the considerable time and resources needed to meet customer expectations.
Following the execution of the agreement, the initial stage of the engagement is dedicated to planning.
Develop the engagement plan
Identify key engagement stakeholders and domain-specific SPOCs
Meet with stakeholders to validate the engagement plan, understand objectives and set expectations
Review current policy, procedures, processes and templates in line with ISO 27001 standards
Perform gap analysis and risk assessment in accordance with the ISO 27001 standard
Design a risk- and context-based assessment framework for the organisation and perform a risk assessment of the organisation
Design policies and procedures based on the gaps identified in the current-state assessment, and design the policies that ISO 27001 requires within the agreed scope
Identify and develop mitigating controls, create risk treatment plan & Statement of Applicability (SOA)
Identify the threats to critical information assets based on the risk- and context-based assessment
Identify the key roles in the organisation according to the governance structure, prior to training
Identify training needs based on the key roles in the organisation
Conduct role-based training sessions for the organisation based on agreed requirements
Design a detailed implementation plan
Provide implementation support
Perform pre-certification assessment
Provide corrective action plan
Review post implementation