ISO 27001 Compliance

ISO 27001 Certification Consultancy Service

Protect your organisation against security risks

Book a Free Gap Assessment

ISO 27001 Consultancy Services

ISO/IEC 27001 is the international standard, published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), that specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS) to protect business information assets.

Formally ISO/IEC 27001 (the current edition is ISO/IEC 27001:2022, which replaced ISO/IEC 27001:2013), quite simply, it’s a framework for managing information security risks.

If you don’t have an ISMS then an ISO 27001 aligned one is the best place to start, as the standard gives you an internationally recognised, independently auditable benchmark for keeping your information security processes and controls current and effective.

Regardless of industry, size or location, ISO 27001 provides a proven framework for any business to identify, minimise and manage the security risks to their sensitive data, and certification demonstrates to customers, partners and regulators that the framework is in place and working. The standard does not prescribe a fixed set of procedures; it requires you to design and implement controls that fit your own business processes, risk appetite and objectives. This is what information security is all about.

Risk Crew offers a variety of consultancy options to help you gain and maintain the ISO 27001 certification. Get in touch with our team to get started with ISO compliance. 

Our ISO 27001 Certification Services

Risk Crew can help your organisation achieve and maintain ISO 27001 compliance through one (or a combination of any) of our four bespoke, cost-effective compliance services:

ISO 27001 Discover Service

To help your organisation get started in complying with the ISO 27001 standard, our Discover service provides the following deliverables:

  • Conduct ISO 27001 Compliance Gap Assessment: Risk Crew will assess your current information risk management processes, operations, policies and controls against the requirements of the standard and its Annex A reference controls, to identify the current compliance “gap” and then generate a comprehensive report of our findings and recommendations to remedy that gap.
  • Create ISO 27001 Compliance Activities Roadmap: Findings will include a detailed list of actions required for your organisation’s full compliance, in a project plan format of your choice. The roadmap will cite specific actions required for compliance, proposed action owners, target completion dates and estimated budgets required.
  • Conduct Stakeholder Workshop: Upon completion, Risk Crew will conduct a half-day workshop for key business stakeholders to ensure their understanding of the remedial actions needed for compliance and the estimated resources and timeline required.

This service results in a solid understanding of the standard and what’s required from your business to comply.

ISO 27001 Compliance Assist Service

Need some more help? Our Assist service offers all deliverables from our Discover service plus the following:

  • Identify, Locate and Classify Information Assets: Risk Crew will review your business model and interview your key business stakeholders to identify, locate and value the sensitive information assets processed, stored and transmitted by your organisation.
  • Create Data Classification and Marking Schemes: Once these information assets are identified, we will create suitable classification and marking schemes to ensure appropriate handling and security controls are applied and compliance requirements (such as Data Protection) are met.
  • Create Information Asset Register: All information assets will then be documented citing their sensitivity level, value, owner and location in information technology systems for reference in accordance with the standard. This document provides the inventory for risk management.
  • Perform an Information Security Threat and Risk Assessment: Risk Crew will then conduct a comprehensive information threat and risk assessment. This identifies the potential security threats to your organisation’s information assets, the likelihood and impact of these threats occurring and recommended remedial actions. The risk scoring method (how likelihood and impact are rated and combined) will be agreed with you in advance, and the outcome will be delivered as a risk register and Risk Treatment Plan that will serve as your foundation for tracking and managing risks to your information assets across the organisation.
  • Conduct Risk Strategy Workshop with Stakeholders: Upon completion of the above deliverables, Risk Crew will hold a half-day workshop with your key business stakeholders to ensure their understanding of the threat and risk assessment results and confirm and establish the information risk appetite, tolerance and capacity levels for the organisation.
  • Create Template ISMS Documentation for Customisation: We will then provide a template of ISMS documentation to include a draft Statement of Applicability (SoA), sample information security policies and procedures for the organisation to customise to their business processes and risk objectives.
  • Conduct Mock Audit: When you are ready, Risk Crew will come in and conduct a mock audit and provide an ISO 27001 compliance report to ensure certification readiness.

This service provides the framework essential for compliance and delivers a detailed picture of where your business stands in relation to the standard. It is ideal for organisations that have operational resources but specifically lack in-house information security risk management expertise.

The outcome serves as the foundation for an effective, operative ISMS. Completing your compliance requirements from this point still requires the implementation of remedial actions, policy customisation, control implementation, testing and education of your users.

Many elements are important in getting ISO 27001 compliant. Find out more in our recent blog post, where we narrowed them down to four key areas.

ISO 27001 Certification Implement Service

Need the full belt and braces? Our Implement service offers all the deliverables from both our Discover and Assist services plus the items below. This popular service comes with our guarantee: if your certification audit raises additional remedial actions, we implement them at no charge.

  • Customised ISMS Documentation for the Business: Risk Crew will create fit-for-purpose ISMS documentation to include a compliance-specific Statement of Applicability (SoA) along with bespoke information security policies and procedures for the organisation to implement.
  • Control Recommendations: Risk Crew will also recommend cost-effective information security controls where required to ensure policy implementation and compliance. Control recommendations shall include control objectives, control configuration (if required), the evidence each control produces and control testing procedures.
  • Conduct Network and Website Security Vulnerability Assessment Scanning: Risk Crew will then conduct automated vulnerability assessment scanning to identify security weaknesses in your business systems and website for remediation, in support of the standard’s technical vulnerability management controls.
  • Conduct Network and Website Security Penetration Testing: Risk Crew will also conduct manual penetration testing of your business systems and website, attempting to identify and exploit weaknesses that automated scanning alone would miss, and provide the findings and evidence you need for remediation and for your audit.
  • Implement Information Security Awareness Training Program: Risk Crew will provide computer-based information security awareness training to your staff to ensure their understanding of cyber security threats to the business along with their roles and responsibilities for compliance to policies and incident reporting in accordance with the standard. Face-to-face workshops with cyber security experts are also available in lieu of or to supplement this training depending on your preference.
  • Conduct ISMS Workshop with Stakeholders to Ensure Understanding, Roles and Responsibilities: Upon completion of the above, Risk Crew will hold a full-day workshop with your key business stakeholders to ensure their comprehensive understanding of the ISMS, its goals and objectives, key performance indicators (KPIs), and staff roles, responsibilities and ongoing actions required to support it.

This comprehensive service provides everything you need for your ISO 27001 compliance short of implementing the policies and procuring any controls needed, and is designed for organisations looking for a cost-effective, turn-key solution. If, for any reason, your initial certification audit produces additional remedial actions required for certification, we will implement these actions at no charge to you.

ISO 27001 Compliance Maintain Service

If your organisation is already ISO 27001 certified then you know that once you get compliant the challenge is to stay compliant: the ISMS must keep operating, evidence must keep accumulating, and your certification body will return for annual surveillance audits.

Risk Crew can help you meet this challenge with a variety of support services. We can deliver ongoing requirements such as periodic risk assessments, vulnerability scanning, penetration testing and information security awareness training, or provide continuous ad-hoc advice to answer questions, clarify requirements and keep you on the course of compliance. For more information on how to maintain your ISO compliance remotely, take a look at our recent blog post, where we discuss how to maintain your ISO compliance with staff working from home.

Give us a call and we can discuss and design solutions to meet your specific needs.

What Are the Benefits of Implementing the ISO 27001 Certification?

By choosing to implement ISO 27001, you are demonstrating that you have a proven framework to manage the risks to your sensitive data and that you take risk management seriously within your company. Certifying to ISO/IEC 27001 shows that your organisation is committed to maintaining a high level of security.

Implementing ISO 27001 results in many benefits.

✓Enhance your global reputation by following an internationally recognised standard.

✓Gain insight from audits for continual improvements.

✓Help avoid financial penalties and reputational damage associated with a data breach.

✓Easily implement controls that help ensure compliance with business, contractual, legal and regulatory requirements.

Why Should You Choose Risk Crew for ISO 27001 Compliance?

Our service is delivered by seasoned, certified ISO 27001 practitioners who also hold a host of industry-recognised information security governance, risk and compliance certifications. This ensures that they consider and address your business objectives throughout the compliance cycle. Find out more on how to choose the right ISO 27001 certification body in our recent blog post.

When you choose Risk Crew, you’re electing to work with qualified experts.

See what our customers say:

"Professional from start to finish, Risk Crew helped enormously in overhauling our business' cyber risk management. From testing our systems, highlighting areas to improve on and assisting in helping us achieve compliance with ISO 27001 & Cyber Essentials they have truly transformed the way we work. If you're looking for experts in cyber risk management, Risk Crew are the company for you!"
Chief Information Officer | Professional Services Industry

"We had been on our ISO 27001 journey for a number of years and decided to work with RC to help us over the line. Since then, they have been our go-to for Cyber Essentials, 27001, GDPR compliance and penetration testing services."
Chief Information Officer | Professional Services Industry

Request a Free ISO 27001 Compliance Gap Assessment

Find out how much effort your organisation would need to achieve ISO 27001 with a complimentary assessment. You’ll receive an independent view of how your current ISMS aligns with ISO 27001 requirements.

Frequently Asked Questions

What is the process for becoming ISO 27001 compliant?

The first step is to define the scope of the ISMS. This could be the whole company or just a part of it (a business unit, a service or a set of systems), and the scope statement must be documented because it bounds what is audited. Once the scope has been defined there is usually a gap analysis to see what information security policies, processes and controls are already in place and what is required to align them with ISO 27001. Additional workstreams then address the gaps identified and build out the ISMS in accordance with the standard’s requirements.

How do I get ISO 27001 certified?

Before achieving ISO 27001 certification an organisation must first meet the standard’s requirements and be able to provide evidence to support that compliance. To become certified a company will undergo a two-stage audit by an accredited certification body. Stage 1 reviews the ISMS documentation (scope, risk assessment, Statement of Applicability, policies and procedures) to establish whether it is in line with the requirements of ISO 27001 and whether the organisation is ready for Stage 2. Stage 2 is a thorough on-site or remote assessment to establish whether the ISMS is operating as documented: the auditor will look for evidence (records, logs, meeting minutes, training records, test results) that staff are actually following the policies and procedures in practice. The audit report will confirm a pass or a fail and will list any nonconformities (major or minor) that must be addressed, along with observations and opportunities for improvement. Once issued, a certificate is typically valid for three years, subject to annual surveillance audits and a recertification audit at the end of the cycle.

Why is the ISO 27001 certification important?

ISO 27001 certification is important for a business as it helps to strengthen the three areas of cyber security: people, processes and technology. The standard gives you a structured, risk-based approach to minimising the likelihood and impact of data breaches, and of the fines and reputational damage associated with them.

Is ISO 27001 compliance expensive?

Achieving ISO 27001 compliance will almost certainly require an organisation to invest time and effort. However, this investment pays dividends when you consider the general improvements to an organisation’s approach to information security. Data breaches can be very expensive to an organisation, especially if the data includes personal and/or special category data. The GDPR introduced maximum fines of 20,000,000 EUR or 4% of an organisation’s total worldwide annual turnover, whichever is higher, and no organisation wants to incur those penalties. Becoming ISO 27001 compliant can help an organisation reduce the risk of data breaches and, with it, the risk of such fines.

How long does the ISO 27001 compliance process take?

The length of time required for an organisation to become compliant with the standard will vary depending on the organisation’s size, the scope of the ISMS and its starting position. If there are no existing information security policies, processes or controls to work with then it will take a lot longer than if the existing policies and procedures just need to be aligned to the standard.

What are the benefits of becoming ISO 27001 compliant?

There are multiple benefits to becoming ISO 27001 compliant in addition to improving the organisation’s security posture. Some government departments or agencies will require ISO 27001 before awarding contracts. The same is true of many banks and financial institutions. It may also be a valuable differentiator between your organisation and competitors.

How much does the ISO 27001 certification cost?

The cost of ISO 27001 certification depends on the size of the business, number of employees, sector, annual turnover and the scope of the ISMS. The cost will also vary depending on how you decide to implement it, for example whether you build the ISMS in-house or use a contractor or consultant, and on the fees of the certification body you select. Risk Crew offers a variety of consultancy options to help you gain and maintain ISO 27001 compliance. Get in touch to find out more.

Should I implement ISO 27001:2022?

Yes. ISO/IEC 27001:2022 was published in October 2022 and certification bodies needed time to be accredited to audit against the new edition, so they did not offer 2022 certification immediately. Organisations certified to the 2013 edition have a transition period to move to the 2022 edition, ending 31 October 2025, after which 2013 certificates are no longer valid. It's therefore best for all new implementation projects to adhere to ISO 27001:2022, and for existing ISMSs to plan their transition now. Have more questions on the new standard? Get in touch - we're happy to help.

Additional ISO 27001 Resources


ISO 27001 Compliance Discovery Session

Get a mini-gap assessment and advice from an ISO 27001 expert. Schedule a call or online meeting.


ISO 27001 Documentation Guide & Checklist

Learn what documentation and policies are required to achieve certification to the standard.


ISO 27001:2022 Transition Guide

Accelerate your implementation and/or transition with guidance on the new standard.