ISO 27001 Consultancy and Auditing

ISO 27001 Consultancy Services

Having been involved in implementing ISO 27001, the International Standard for Information Security Management Systems (ISMS), since its inception, VERITAS has unrivaled insights into the Standard’s requirements and how best to satisfy them. VERITAS’s ISO 27001 consultants are adept at supporting all stages of the Standard’s lifecycle, from conducting gap analyses and risk assessments to ongoing management system and control audits. VERITAS can offer your organization full lifecycle services or one of the more specific services detailed below in order to achieve either ISO 27001 conformance or ISO 27001 certification.

Not certified?

If you are not certified, there has never been a better time to develop an information security management system and achieve ISO 27001 certification. VERITAS can help you with the services listed below. If you would like to understand more about the benefits and what’s involved in implementing ISO 27001, please register your interest here and we will be in touch.

ISO 27001 Gap Analysis

With our ISO 27001 gap analysis, VERITAS will assess your existing information security framework or management system and your information security controls. With regard to the former, our ISO 27001 consultants will review both your documentation and your working practices in order to identify what gaps exist in relation to the requirements contained in the mandatory clauses (4-10) of ISO 27001. Similarly, with regard to the information security controls or measures, we will identify what gaps exist in relation to the controls of Annex A of the Standard.

Risk Assessment

ISO 27001 is fundamentally a risk-based standard, where you can identify the risks that are specific to your organization’s information assets and how best to treat them based on your risk appetite. Utilizing Abriska, its proven ISO 27001 risk assessment tool, VERITAS can assist you in identifying not just the threats to your information assets but also the likelihood and impact of them occurring. Once you have identified your greatest risks, you are then able to prioritize your risk treatment activities and maximize your time, effort, and budget. With Abriska, you will also be able to run all the necessary ISO 27001 reports, i.e., Statement of Applicability (SoA), risk register, and risk treatment plan (RTP). The software tool is fully compatible with the 2022 version of the Standard, is populated with all the new controls, and offers a variety of transition options.

Developing Policies and Processes

The risk assessment will determine which policies and processes to develop and implement. Some may be existing policies and processes that need amending or refining, whereas others may need to be developed from scratch. Whichever it is, VERITAS will ensure they are developed with 2 goals in mind. Firstly, they will be tailored to match your culture and style and reflect what you actually do. Secondly, our consultants will ensure that anything produced will fully meet the requirements of ISO 27001. VERITAS can assist you in developing your IS Policy, along with all the supporting policies and processes.

Developing your ISMS Framework and Infrastructure

In order to conform with the requirements of ISO 27001, you will need to establish a framework and management system. VERITAS will draw upon its experience and help you establish some of the key components, such as:

  • An information security forum (ISF)
  • Monitoring and measurement mechanisms for management systems
  • An information security training and awareness program.

Internal Auditing

Auditing is critical in ensuring your organization’s management system operates effectively. A significant challenge for many organizations is a lack of sufficiently competent resources or those with sufficient impartiality to cover all auditing needs. With VERITAS, our ISO 27001 auditors are skilled and knowledgeable in audit techniques and the subject of the audit while demonstrating independence from the audited area. VERITAS can offer your organization a flexible range of audit services, from planning and implementing a full 3-year ISO 27001 audit program to conducting individual audits against any aspect of the ISMS or any specific controls.

Full Implementation Support

As well as providing consultancy support against the above-mentioned areas, VERITAS’s ISO 27001 consultants can also provide guidance and knowledge transfer across the full implementation lifecycle of the Standard. Furthermore, VERITAS can offer your organization 2 levels of support:

  • The first level of support is where VERITAS takes the lead in terms of development, and you review and approve
  • The second level of support involves VERITAS providing a ‘light touch’ advisory and mentoring service, with you taking responsibility for developing your ISMS and VERITAS reviewing all outputs to assess if they fully meet the relevant requirements of the Standard.

Interim Information Security Manager

A further ISO 27001 service we can provide is our Interim Information Security Manager Service to cover for absence or while you recruit a permanent resource. Equally, VERITAS’s interim resource may be required to manage a specific project, e.g., implementing a management system complying with a new regulation or addressing a turnaround or change requirement.


Why choose VERITAS?

Value

When it comes to creating value in certification, Veritas is ahead of the curve. Unlike others, we look beyond "Stage 1 and Stage 2" to be your business partner at every stage of your management system life cycle. From sharing best practices and new industry requirements, to assessing your performance against your own objectives, we are dedicated to providing audit results that address your business needs and benefit the organization.

Approach

Our highly experienced consultants will expertly guide you to complete ISO certification. In addition to certification, we will equip you with the knowledge and tools necessary to unlock the full potential that your business deserves.

Execution

We guide you through the entire certification process until certification is achieved.
