ISO 27001 Consultancy & Compliance
Benefits of ISO 27001 Consultancy and Certification
Strengthen your data security
Complying with the standard will ensure your data is more secure and your organisation is more resilient to cyber attacks. ISO 27001 certification is globally accepted and demonstrates effective security and will reduce the need for more regular audits.
Protect your reputation
Data breaches can seriously damage an organisation’s reputation. ISO 27001 certification will help you protect your name and your clients’ trust.
Give your clients peace of mind
Certification allows you to demonstrate to new and existing clients that you are serious about your security and have taken the necessary steps to protect your business. It is proof of effective internal security practices and reassurance that clients’ data will be safe with you.
The review will determine what security controls you need and what you do not, allowing you to get the most from your budget.
No unplanned spending
If your data IS breached, the financial remediation costs can be astronomical. And in some instances, non-compliance can lead to large fines and penalties.
ISO 27001 Consultancy – The Razorthorn Approach
1. Project initiation & scoping
We will create a detailed project plan specific and bespoke to your organisation’s requirements. This will include:
- Aligned business and security objectives, including documentation
- ISMS scope
- Management support documented
- Interested parties including applicable laws, regulations, contracts, etc. documented
- Statement of applicability
- Establish ISMS metrics
- Establish ISMF and process
- Risk process and workshop
2. Gap analysis
We will review your current status by carrying out an ISO 27001 gap analysis review. This will highlight the areas that need to be addressed to meet with the ISO requirements. We will provide you a report explaining, in clear and concise language, what testing has been carried out and why, along with a comprehensive list of activities to be completed to ensure compliance.
3. Planning and remediation
We will help, advise and assist you in planning the activities identified in the Gap Analysis phase. The approach will be bespoke to your business and may consist of the creation, development and implementation of policies, procedures, staff awareness training, documentation, controls and tools to ensure that you become and remain compliant.
4. Achieving certification
In this final stage, the organisation will achieve certification and we will complete the schedule of ongoing activities for the 3 years of the certification including the development of an improvement plan along with identifying, fixing and preventing the recurrence of non-conformities.
Razorthorn will support you throughout certification audit process and beyond.
I’ve got ISO 27001 certification
Once certification is achieved, it is valid for three years. During this time, the ISMS will need to be properly maintained so that it continues to comply to the standard. To ensure your organisation’s ongoing security, auditors will conduct surveillance visits every year whilst the certification is valid.
We advise that you undertake Penetration Testing on an annual basis, or when any significant changes are made to your network or security portfolio. Pen Testing can also be used to test specific new or changed areas, such as websites or apps.
- Razorthorn have been in business for over 13 years and during that time we have undertaken many hundreds of ISO 27001 reviews, achieving compliance for our clients. We have worked with organisations of all sizes and are familiar with a wide range of IT and IS infrastructure.
- We can prepare most small businesses for ISO 27001 certification in under three months
- Our pricing structure is competitive and transparent.
- In addition to our own expertise, your organisation can take advantage of training courses from our experienced team on ISO 27001 implementations and audits – these courses range from a half day executive management session through to a five day ISO 27001 ISMS Lead Auditor training course. Please contact us for details.