Use ISO27001 to Create Business Opportunities

Prove to customers that you understand and take information security and data protection seriously

Many organisations feel challenged, unprepared and exposed when managing increasingly complex business compliance requirements. The global threat landscape constantly challenges ICT estates, there are risks associated with personnel and remote working, and new data protection frameworks carry hefty penalties for errors. You seek a single solution which can be trusted to co-ordinate effective activities between your personnel, providing clear management reporting and promptly identifying any issues.

That’s where InfoSaaS will help. We openly challenge the spreadsheet-loving analysts who take weeks to complete their compliance tasks. Our secure, cloud-based solution can be accessed from any internet-connected device and provides intuitive workflows and helpful guidance to colleagues of all abilities, supported by training as required. And you gain insight into the areas you need to know about in seconds, informing your decision making, prioritisation and resourcing.

Work smarter, work secure … work with InfoSaaS.


You’re keeping great company

Your compliance challenges ...

Managing your organisation’s certifications and legislative adherence is not an activity that you can afford to get wrong. Both are key to the protection and status of your business; evidencing best-practice information security, data protection and business compliance processes is essential.

If you are losing customers to competitors, or not winning the new business you seek, your compliance posture may be the reason why …

… and how InfoSaaS solves them

Using the InfoSaaS solution, you will quickly take control of business compliance tasks, including risk assessments, security incidents, GDPR activities and much more.

Alongside our software, we are partnered with trusted consultants who will offer friendly support in using InfoSaaS if needed, either remotely or face-to-face.


Successful ISO27001 Certification in 8 Steps

01

Initiating your ISMS Project

a. Purchase a copy of the ISO27001 standard

b. Obtain Senior Management Commitment for the project

c. Create the Implementation Project Team with cross-company representatives

d. Identify any other support resources that may be required

02

Defining your ISMS Project

Senior Management and the Project Team will collectively determine:

a. The organisation’s ISMS goals and objectives – what do you hope to achieve?

b. The scope of the ISMS, including any agreed limits or exclusions

c. Relationships with any other management systems you may be operating

03

Documentation Preparation Activities

a. Information Security Policy – the top level requirements

b. Other supporting security policies (e.g. acceptable use, asset management etc.)

c. Other ISO27001 specified mandatory documents/records (e.g. internal audit procedure)

d. Other policies, processes, procedures and records required – as aligned to your organisation’s business activities

e. Determine and document the Risk Assessment approach, needed for the next step

04

Risk Assessment Activities

a. Provide risk assessment training to support asset, risk and control owners

b. Identify and evaluate all information assets

c. Perform information asset risk assessment activities

d. Identify all supporting assets upon which the security of each information asset depends

e. Perform supporting asset risk assessment activities

05

Risk Treatment Activities

For each risk assessed as being higher than your organisation’s acceptable level, proceed with one of the following treatments:

a. Risk acceptance (accept the risk)

b. Risk avoidance (stop the activities which create the risk)

c. Risk reduction (add new security controls, or change the deployment of existing ones)

d. Risk transfer (transfer the risk to an organisation better placed to manage it – e.g. a cloud service provider – or by taking out an insurance policy)

06

Training, Education and Culture Initiatives

a. Provide general information security training for all personnel

b. Training for contractors, third parties and other dependencies

c. Deliver security incident training (identification, reporting, investigation etc.)

d. Ensure that data protection (GDPR) training has also been delivered

e. Plan for ongoing and progressive training activities


07

Preparation for External Assessment

a. Verify that all requirements of the Standard have been met

b. Check that all required policies, procedures and supporting records are complete

c. Ensure first internal audits have been completed and findings have been remediated

d. Produce the initial Statement of Applicability (InfoSaaS produces this automatically)

e. Select, engage and confirm audit details with your selected certification company

08

External Certification Audit

a. Undertake a gap analysis (optional stage)

b. Stage 1 Assessment – addresses the management elements and documentation required by the standard

c. Stage 2 Assessment – the assessor will examine the implementation of the ISMS by assessing employees and working practices

d. A successful Stage 2 Assessment will result in your ISO27001 certificate being awarded!

In their own words ...