Sail Through Your Next ISO27001 Audit
Get started for free today with the InfoSaaS Information Security Management System
Clear reporting, comprehensive functionality, intuitive features and extensive customisation options combine to support organisations of any size in any business sector.
Get started for FREE. Once you’ve tried it, you can take advantage of our COVID-19 bounceback pricing. At InfoSaaS we’re committed to supporting the needs of businesses of all sizes through what has been a difficult 2020 so far.
Your number one solution for:
Introducing an Information Security Management System or achieving ISO27001 certification can appear to be a complex and daunting task.
InfoSaaS ensures the process is made easy, giving you clarity and understanding throughout the planning and implementation stages.
ISO27001 mandates a set of information security policies and procedures. InfoSaaS provides an extensive range of templated policies, procedures, forms and informational guides.
These can be easily edited to reflect your organisation’s specific needs.
Risk management is an integral component of every ISMS – requiring the effective identification, assessment and treatment of applicable vulnerabilities and threats.
InfoSaaS provides an industry-leading, cloud-based solution which effectively delivers this requirement, with support from an InfoSaaS consultant if required.
Your organisation may be using a diverse selection of third-party companies to deliver products or services. Each of these has the potential to introduce business or security risks, if not managed correctly.
InfoSaaS has developed an automated Supplier Chain Management function, which allows for the ready assessment of the capabilities and resilience of each supplier.
Audit Services and Certification Support
Our network of InfoSaaS consultants has extensive experience in managing successful implementation and certification projects which have been subject to formal assessment undertaken by the larger assessment and audit bodies.
On-site workshops or remote support can be arranged to help your organisation to prepare for all aspects of external certification assessments.
Dashboard, Risk Register and Reviews
Traditional approaches to managing an ISMS have been manual, time consuming and rarely provide meaningful insights into the cyber health of an organisation to its senior management or stakeholders.
InfoSaaS risk management solutions efficiently manage these requirements, providing unprecedented visibility, real-time management reviews and escalations of risk-related activities and other key ISMS activities.
An Information Security Management System requires your organisation’s personnel have received appropriate training on matters relating to information security, data protection and cyber threats.
Our Document Packs contain effective training material which can easily be customised to meet your organisation’s specific training needs. Training can also be delivered on-site or remotely by an InfoSaaS consultant.
A virtual Chief Information Security Officer (CISO) can provide strategic, compliance and operational leadership on information security matters to organisations that may not be able to afford a full-time resource.
CISOs are traditionally an expensive resource. An alternative is for you to use a Virtual CISO from InfoSaaS. You can benefit from their experience and direction on-demand and on a part-time basis.
Start your InfoSaaS free trial today.
An effective Information Security Management System (ISMS) will help your organisation to manage and protect its information and important assets against risks, by implementing processes to identify, mitigate and manage a wide variety of threats and vulnerabilities. InfoSaaS is at the core of the achievement and retention of formal ISO27001 certification (and other verification activities) for many of our customers.
Here are five reasons why …
- to benefit from our experience to introduce effective security processes and controls
- to shorten the time frame to a successful certification audit result
- to meet your clients’ requests for ISO27001 certification to protect their data
- to differentiate your organisation in competitive or regulated markets
- to reduce the ongoing resource and time commitment to maintain high assurance levels
“InfoSaaS delivers functionality which addresses 85% of the requirements from ISO27001:2013”.
Your compliance challenges ...
Managing your organisation’s certifications and legislative adherence are not activities that you can afford to get wrong. They are key to the protection and status of your business; evidencing best-practice information security, data protection and business compliance processes is essential.
If you are losing customers to competitors, or not winning the new business you seek, your compliance posture may be the reason why …
… and how InfoSaaS solves them
Using the InfoSaaS solution, you will quickly take control of business compliance tasks, taking control of risk assessments, security incidents, GDPR activities and much more.
Alongside our software, we are partnered with trusted consultants who will offer friendly support in using InfoSaaS if needed, either remotely or face-to-face.
Successful ISO27001 Certification in 8 Steps
Initiating your ISMS Project
a. Purchase a copy of the ISO27001 standard
b. Obtain Senior Management Commitment for the project
c. Create the Implementation Project Team with cross-company representatives
d. Identify any other support resources that may be required
Defining your ISMS Project
Senior Management and the Project Team will collectively determine:
a. the organisation’s ISMS goals and objectives – what do you hope to achieve?
b. the Scope of the ISMS, agreeing any limits or exclusions
c. the relationships with any other management systems you may be operating
Documentation Preparation Activities
a. Information Security Policy – the top level requirements
b. Other supporting security policies (e.g. acceptable use, asset management etc.)
c. Other ISO27001 specified mandatory documents/records (e.g. internal audit procedure)
d. Other policies, processes, procedures and records required – as aligned to your organisation’s business activities
e. Determine and document the Risk Assessment approach, needed for the next step
Risk Assessment Activities
a. Provide risk assessment training to support asset, risk and control owners
b. Identify and evaluate all information assets
c. Perform information asset risk assessment activities
d. Identify all supporting assets upon which the security of the information assets depends
e. Perform supporting asset risk assessment activities
Risk Treatment Activities
For risks assessed as being higher than your organisation’s acceptable level, proceed with one of:
a. Risk acceptance (accept the risk)
b. Risk avoidance (stop the activities which create the risk)
c. Risk reduction (add new security controls, or change the deployment of existing ones)
d. Risk transfer (transfer the risk to an organisation better placed to manage it – e.g. a cloud service provider – or by taking out an insurance policy)
Training, Education and Culture Initiatives
a. Provide general information security training for all personnel
b. Training for contractors, third parties and other dependencies
c. Deliver security incident training (identification, reporting, investigation etc.)
d. Ensure that data protection (GDPR) training has also been delivered
e. Plan for ongoing and progressive training activities
Preparation for External Assessment
a. Verify that all requirements of the Standard have been met
b. Check that all required policies, procedures and supporting records are complete
c. Ensure first internal audits have been completed and findings have been remediated
d. Produce the initial Statement of Applicability (InfoSaaS produces this automatically)
e. Select, engage and confirm audit details with your selected certification company
External Certification Audit
a. Undertake a gap analysis (optional stage)
b. Stage 1 Assessment – addresses the management elements and documentation required by the standard
c. Stage 2 Assessment – the assessor will examine the implementation of the ISMS by assessing employees and working practices
d. A successful Stage 2 Assessment will result in your ISO27001 certificate being awarded!