Manage Your Organisations’ Certifications

Demonstrate to your customers that you take information security and data protection seriously.

Many organisations feel challenged, unprepared and exposed when managing seemingly complex business compliance process. The global threat landscape constantly challenged ICT estates, there are risks associated with personnel and remote working, and new data protection frameworks carry hefty penalties for errors. You need a single system which can be trusted to co-ordinate effective activities between your personnel, providing immediate visibility of levels of conformance and any issues.

That’s where InfoSaaS will help. We challenge the historic notion of this being an exclusive domain of specialist, spreadsheet-loving analysts, taking weeks to complete compliance tasks. Our secure, cloud-based solution can be accessed from any internet-connected device, provides intuitive workflows and helpful guidance to colleagues of all abilities, supported by training as required. And you gain an insight into areas that you need to know about, informing your prioritisation and resourcing.

Work smarter, work secure … work with InfoSaaS.

You’re in good company

The problems you face…

Managing your organisations’ certifications and legislative compliance are not activities that you can afford to get wrong. There is great importance for the protection and status of your business; evidencing best practice information security, data protection and business compliance processes is essential.

… and how InfoSaaS solves them.

Through our easy to use automated platform, you will quickly be able to take control of business compliance tasks, taking control of risk assessments, security incidents, GDPR activities and much more.

Alongside our software, we are partnered with trusted consultants who will offer friendly support in using InfoSaaS if needed – either remotely or face-to-face.

Get started

How to successfully gain ISO27001 certification


Initiating the ISMS Project

a. Purchase a copy of the ISO27001 standard
b. Obtain Senior Management Commitment
c. Create the Implementation Project Team
d. Identify any other resources that are required


Defining the ISMS Project

Senior Management and the Project Team determine:
a. Define the organisation’s ISMS goals and objectives
b. Define the Scope of the ISMS, agree any limits or exclusions
c. Understand relationship to other management systems


Documentation Preparation Phase

a. Information Security Policy
b. Other supporting (specific) security policies
c. Other ISO27001 specified mandatory documents/records
d. Other policies, processes, procedures and records required
e. Determine and document the Risk Assessment Approach


Risk Assessment Activities

a. Provide risk assessment training for asset, control and risk owners
b. Identify and evaluate all information assets
c. Perform (appropriate) risk assessment activities
d. Identify all supporting assets, and perform risk assessments


Risk Treatment Activities

a. Risk acceptance
b. Risk avoidance
c. Risk reduction
d. Risk transfer


Training, Education and Culture Initiatives

a. General information security training for all personnel
b. Training for contractors, third parties and other dependencies
c. Security incident training (identification, reporting etc.)


Preparation for External Assessment

a. Verify all requirements of the Standard have been met
b. Check policies, procedures and records are complete
c. Ensure first internal audits have been completed
d. Produce initial Statement of Applicability
e. Select, engage and confirm audit details with certification company


External Certification Audit

a. Gap analysis (optional stage)
b. Stage 1 Assessment – Management and Documentation
c. Stage 2 Assessment – Implementation
d. Receive certificate and celebrate 

In their own words ...

Achieve your goals

InfoSaaS is a leading business compliance solution, providing an effective solution to legislative compliance, the management of  risk and many other related activities.

We have a heritage of helping  organisations of all sizes to streamline their compliance workloads, reducing human error and gain proper control and valuable insights across information security, risk management, data protection, supply chain management and more. This is invaluable help in achieving and retaining external certification.