To help your organisation get started with complying with the ISO 27001 standard, Risk Crew can provide your organisation with the following;
- Conduct ISO 27001 Compliance Gap Assessment: We will assess your current information risk management processes, operations, policies, and controls against those recommended by the standard, to identify the current compliance “gap” and then generate a comprehensive report of our findings and recommendations
- Create ISO 27001 Compliance Activities Roadmap: The roadmap will cite specific actions required for compliance, proposed action owners, target completion dates, and estimated budgets required.
- Conduct Stakeholder Workshop: Upon completion of the above, a half-day workshop for key business stakeholders will be conducted to ensure their understanding of the remedial actions needed for compliance and the estimated resources and timeline required.
These will result in a solid understanding of the standard and what’s required from your business to comply.
Our Assist service offers all deliverables from our Discover service plus the following:
Identify, Locate, and Classify Assets: Risk Crew will review your business model and interview your key business stakeholders to identify, locate and value the sensitive information assets processed, stored and transmitted by your organisation.
Craft Data Classification Schemes: We develop clear marking schemes for secure handling, aligning with regulations like Data Protection.
Create Comprehensive Asset Register: Information assets will be documented citing their sensitivity level, ownership, and IT system locations. The register becomes your risk management inventory.
Thorough Threat and Risk Assessment: Risk Crew's analysis uncovers threats, predicts impacts, and prescribes solutions, presented in a practical Risk Treatment Plan.
Stakeholder Strategy Workshop: Collaborating with key stakeholders, we will clarify assessment results and define your information risk stance.
Tailored ISMS Documentation: We will go ahead to use a bespoke ISMS template developed by our in-house consultants to draft a relevant Statement of Applicability, adaptable Security Policies, and Procedures.
Simulation Audit: Ready for the real deal? Risk Crew will perform a mock audit, delivering an ISO 27001 compliance report to pave your certification path.
This service provides the framework essential for compliance and is ideal for organisations that have operational resources but specifically lack in-house information security risk management expertise.
Our Implement service offers all the deliverables from both our Discover and Assist services and the items below. This popular service comes with our 100% guarantee that you will pass your compliance audit.
- Fit-for-Purpose ISMS Documentation for your Business: This includes a compliance-specific Statement of Applicability (SoA) along with bespoke information security policies and procedures for your organisation.
- Control recommendations: This includes recommendations on control objectives, control configuration (if required) control evidence, and control testing procedures.
- Conduct Network and Website Security Vulnerability Assessment Scanning: This service is accompanied by an automated vulnerability assessment scanning to identify security weaknesses associated with your business systems and websites
- Implement Information Security Awareness Training Program: Risk Crew will provide computer-based information security awareness training to your staff to ensure their understanding of cyber security threats to the business. Face-to-face workshops with cyber security experts are also available in lieu of or to supplement this training depending on your preference.
- Conduct ISMS Workshop with Stakeholders to Ensure Understanding, Roles and Responsibilities: Upon completion of the above, Risk Crew will hold a full-day workshop with your key business stakeholders to ensure their comprehensive understanding of the ISMS, its goals and objectives, key performance indicators (KPIs), staff responsibilities and ongoing actions required to support it.
This comprehensive service provides everything you need for your ISO 27001 compliance and is designed for organisations looking for a cost-effective, turn-key solution. If, for any reason, any additional remedial actions are required for certification, we will implement these actions at no charge to you.
If your organisation is currently ISO 27001 compliant then you know that once you get compliant the challenge is to stay compliant.
Risk Crew can help you meet this challenge with a variety of support services from delivering on-going requirements such as conducting risk assessments, scanning, testing and delivering information security awareness training to providing continuous ad-hoc advice and assistance to answer questions, clarify requirements and ensure you stay the course of compliance.