Sail Through Your Next ISO27001 Audit

Get started for free today with the InfoSaaS Information Security Management System

Clear reporting, comprehensive functionality, intuitive features and extensive customisation options combine to support organisations of any size in any business sector.

Get started for FREE. Once you’ve tried it, you can take advantage of our COVID-19 bounceback pricing. At InfoSaaS we’re committed to supporting the needs of businesses of all sizes through what has been a difficult 2020 so far.

Get Started for FREE

Your number one solution for:

Project Planning

Introducing an Information Security Management System or achieving ISO27001 certification can appear to be a complex and daunting task.

InfoSaaS ensures the process is made easy, giving you clarity and understanding throughout the planning and implementation stages.

ISMS Documentation

ISO27001 mandates a set of information security policies and procedures. InfoSaaS provides an extensive range of templated policies, procedures, forms and informational guides.

These can easily edited to reflect your organisation’s specific needs.

Risk Management

Risk management is an integral component of every ISMS – requiring the effective identification, assessment and treatment of applicable vulnerabilities and threats.

InfoSaaS provides an industry-leading, cloud-based solution which effectively delivers this requirement, with support from an InfoSaaS consultant if required.

Supplier Management

Your organisation may be using a diverse selection of third-party companies to deliver products or services. Each of these has the potential to introduce business or security risks, if not managed correctly.

InfoSaaS has developed an automated Supplier Chain Management function, which allows for the ready assessment of the capabilities and resilience of each supplier.

Audit Services and Certification Support

Our network of InfoSaaS consultants has extensive experience in managing successful implementation and certification projects which have been subject to formal assessment undertaken by the larger assessment and audit bodies.

On-site workshops or remote support can be arranged to help your organisation to prepare for all aspects of external certification assessments.

Dashboard, Risk Register and Reviews

Traditional approaches to managing an ISMS have been manual, time consuming and rarely provide meaningful insights into the cyber health of an organisation to its senior management or stakeholders.

InfoSaaS risk management solutions efficiently manage these requirements, providing unprecedented visibility, real-time management reviews and escalations of risk-related activities and other key ISMS activities.


An Information Security Management System requires your organisation’s personnel have received appropriate training on matters relating to information security, data protection and cyber threats.

Our Document Packs contain effective training material which can easily be customised to meet your organisation’s specific training needs. Training can also be delivered on-site or remotely by an InfoSaaS consultant.

Virtual CISO

A virtual Chief Information Security Officer (CISO) can provide strategic, compliance and operational leadership on information security matters to organisations that may not be able to afford a full-time resource.

CISOs are traditionally an expensive resource. An alternative is for you to use a Virtual CISO from InfoSaaS. You can benefit from their experience and direction on-demand and on a part-time basis.

Start your InfoSaaS free trial today.

An effective Information Security Management System (ISMS) will help your organisation to manage and protect its information and important assets against risks, by implementing processes to identify, mitigate and manage a wide variety of threats and vulnerabilities. InfoSaaS is at the core of the achievement and retention of formal ISO27001 certification (and other verification activities) for many of our customers.

Here’s five reasons why …

  • to benefit from our experience to introduce effective security processes and controls
  • to shorten the time frame to a successful certification audit result
  • to meet your clients’ requests for ISO27001 certification to protect their data
  • to differentiate your organisation in competitive or regulated markets
  • to reduce the ongoing resource and time commitment to maintain high assurance levels

“InfoSaaS delivers functionality which addresses 85% of the requirements from ISO27001:2013”.

Get Started For FREE

Your compliance challenges ...

Managing your organisations’ certifications and legislative adherence are not activities that you can afford to get wrong. They are key to the protection and status of your business; evidencing best practice information security, data protection and business compliance processes is essential.

If you are losing customers to competitors, or not winning the new business you seek, your compliance posture may be the reason why …

… and how InfoSaaS solves them

Using the InfoSaaS solution, you will quickly take control of business compliance tasks, taking control of risk assessments, security incidents, GDPR activities and much more.

Alongside our software, we are partnered with trusted consultants who will offer friendly support in using InfoSaaS if needed, either remotely or face-to-face.

Get Started for FREE

Successful ISO27001 Certification in 8 Steps


Initiating your ISMS Project

a. Purchase a copy of the ISO27001 standard

b. Obtain Senior Management Commitment for the project

c. Create the Implementation Project Team with cross-company representatives

d. Identify any other support resources that may be required


Defining your ISMS Project

Senior Management and the Project Team will collectively determine:

a. the organisation’s ISMS goals and objectives – what do you hope to achieve?

b. Define the Scope of the ISMS, agree any limits or exclusions

c. Understand relationships with any other management systems you may be operating


Documentation Preparation Activities

a. Information Security Policy – the top level requirements

b. Other supporting security policies (e.g. acceptable use, asset management etc.)

c. Other ISO27001 specified mandatory documents/records (e.g. internal audit proedure)

d. Other policies, processes, procedures and records required – as aligned to your organisation’s business activities

e. Determine and document the Risk Assessment approach, needed for the next step


Risk Assessment Activities

a. Provide risk assessment training to support asset, risk and control owners

b. Identify and evaluate all information assets

c. Perform information asset risk assessment activities

d. Identify all supporting assets upon which the security of information asset depends

e. Perform supporting asset risk assessment activities


Risk Treatment Activities

For risks assessed as being higher than your organisation’s acceptable level, proceed with:

a. Risk acceptance (accept the risk)

b. Risk avoidance (stop the activities which create the risk)

c. Risk reduction (add new security controls, or change the deployment of existing ones)

d. Risk transfer (transfer the risk to an organisation better placed to manage risks – e.g. a cloud service provider, or by taking out an insurance policy


Training, Education and Culture Initiatives

a. Provide general information security training for all personnel

b. Training for contractors, third parties and other dependencies

c. Deliver security incident training (identification, reporting, investigation etc.)

d. Ensure that data protection (GDPR) training has also been delivered

e. Plan for ongoing and progressive training activities




Preparation for External Assessment

a. Verify that all requirements of the Standard have been met

b. Check that all required policies, procedures and supporting records are complete

c. Ensure first internal audits have been completed and findings have been remediated

d. Produce the initial Statement of Applicability (InfoSaaS produces this automatically)

e. Select, engage and confirm audit details with your selected certification company


External Certification Audit

a. Undertake a gap analysis (optional stage)

b. Stage 1 Assessment – addresses the management elements and documentation required by the standard

c. Stage 2 Assessment – the assessor will examine the implementation of the ISMS by assessing employees and working practices

d. A successful Stage 2 Assessment will result in your ISO27001 certificate being awarded!

“The Bluemetrix team have found the InfoSaaS solution to be both comprehensive and easy to use: it has made a significant contribution to the maturity and robustness of our information security and data protection activities”.

Liam English, CEO

“The InfoSaaS platform has been enormously helpful as we work towards our ISO27001 certification goal. The structure, support and documentation available have allowed us to make quick progress now that we can easily track all of our assets, risks and actions.”

Chris Thompson, Managing Director

“At the end of the certification audit process, the auditor commented how effective our ISMS is. For me it is very satisfying to hear, from an external point of view, that we’re doing things right”.

Linda Jeffery, Project Manager

“If we weren’t using InfoSaaS, we would have had to use countless documents and spreadsheets – and that would have required far more effort!”

Paola Fulchignoni, Security Officer

“InfoSaaS provides an effective and integrated GRC solution, which makes a significant contribution to the information security posture of our clients. It has provided invaluable in guiding customers towards GDPR compliance, and we remain impressed by the new features which are added on a regular basis. Great work!”

Karen Godwin, Director

“It was clear that InfoSaaS was going to be the easiest to use … and was going to help us keep on top of everything properly.”

James Chillman, Managing Director

Learn more

“InfoSaaS provides established and credible solutions for delivering information security and data governance, proven time and again with successful certification results amongst our client portfolio. We have no hesitation in recommending InfoSaaS.”

Martin Law, Information Security Entrepreneur