Manage Your Organisation’s Certifications

Prove to customers that you take information security management seriously.

Organisations often feel unprepared and exposed when managing the compliance process.

Achieving ISO27001 can enhance your business reputation and is often sought after by customers, regulators and partners. However, it is renowned for being a specialist, labour-intensive task, typically managed in spreadsheets and prone to human error.


You’re in good company

The problems you face…

Managing your organisation’s certifications is not a process you want to get wrong. It matters greatly for the protection and standing of your organisation, and evidencing best-practice information security processes is essential.

We understand that you’ll be looking to find a better way to identify, assess, control and reduce risk, year after year.

… and how we can solve them.

Through our easy-to-use automated platform, you will be able to manage business compliance and take control of risk, governance and compliance audits.

Alongside our software, we have partnered with trusted consultants across the UK, who offer ongoing support in using InfoSaaS, either remotely or face-to-face.

Get started

How to successfully gain ISO27001 certification

01

Initiating the ISMS Project

a. Purchase a copy of the ISO27001 standard
b. Obtain Senior Management Commitment
c. Create the Implementation Project Team
d. Identify any other resources that are required

02

Defining the ISMS Project

Senior Management and the Project Team determine the following:
a. The organisation’s ISMS goals and objectives
b. The scope of the ISMS, including any agreed limits or exclusions
c. The relationship to other management systems

03

Documentation Preparation Phase

a. Information Security Policy
b. Other supporting (specific) security policies
c. Other ISO27001 specified mandatory documents/records
d. Other policies, processes, procedures and records required
e. Determine and document the Risk Assessment Approach

04

Risk Assessment Activities

a. Provide risk assessment training for asset, control and risk owners
b. Identify and evaluate all information assets
c. Perform (appropriate) risk assessment activities
d. Identify all supporting assets, and perform risk assessments

05

Risk Treatment Activities

a. Risk acceptance
b. Risk avoidance
c. Risk reduction
d. Risk transfer

06

Training, Education and Culture Initiatives

a. General information security training for all personnel
b. Training for contractors, third parties and other dependencies
c. Security incident training (identification, reporting etc.)

07

Preparation for External Assessment

a. Verify all requirements of the Standard have been met
b. Check policies, procedures and records are complete
c. Ensure first internal audits have been completed
d. Produce initial Statement of Applicability
e. Select, engage and confirm audit details with certification company

08

External Certification Audit

a. Gap analysis (optional stage)
b. Stage 1 Assessment – Management and Documentation
c. Stage 2 Assessment – Implementation
d. Receive certificate and celebrate 

Take their word for it

Achieve your goals

InfoSaaS is the UK’s leading platform to manage business compliance and control risk.

We help organisations of all sizes to streamline workloads, prevent human error and gain control across information security, risk management and data protection. This makes it quicker and easier to achieve certification.