Organisations seeking ISO Certification for ISO/IEC 27001 can turn to us for assistance and guidance.
Our focus is on implementing management controls to protect information assets across the Organisation. We embrace a risk-based, management-system approach to information security in line with ISO/IEC 27001:2013. We offer a road map of services to assist our clients in developing and implementing a relevant and sustainable ISMS. We can assist you through a number of key activities, mentoring your internal resources to ensure that the resulting system is one that is practical in your environment.
Key Benefits of achieving ISO/IEC 27001 Certification
Differentiation from your competitors by providing your organization with independent verification that your information security management system has met the requirements of this globally-recognized information security standard.
Reducing costs on additional compliance efforts. Common processes, procedures and controls implemented as part of ISO 27001 conformance can be leveraged for other compliance efforts such as PCI, HIPAA, and Sarbanes-Oxley.
We offer the following Road Map for achieving ISO 27001 Certification
Gaining a basic understanding of the business functions. Developing the required documentation and defining the scope of the ISMS. Developing and implementing a Document Control Procedure and a Records Management Procedure, and bringing senior management on board by developing the ISMS Manual.
Gap / Risk Assessment
The risk assessment phase will include the identification and classification of critical assets, performed by conducting interviews and completing questionnaires with all the departments within the scope of the ISMS.
Documenting Policies & Procedures
Based on the Statement of Applicability (SOA) and the ISO 27001 standard, our consultants will develop the ISMS documentation for the controls defined in Annex A of the standard, covering policies and procedures. They will work together with the implementation team to institute behavioural changes and implement the required technical and management control measures that form the Information Security Management System.
Training & Awareness
The Risk Associates consultants will conduct awareness sessions for the staff who will work with the ISMS, to ensure effective implementation of controls and their continued operating effectiveness throughout the ISMS lifecycle.
After a successful internal audit, in which all identified non-compliances and improvement opportunities have been addressed through Corrective Action Requests (CARs), the certification audit can proceed. We will help you prepare for the certification audit and select an independent certification body accredited to ISO/IEC 17021-1:2015, which will perform the audit.
The certification audit consists of 2 stages:
The Stage 1 audit is conducted on-site and remotely. It is a desktop assessment that evaluates your management system documentation, including policies, processes, management review records, scope and context, as well as system implementation. Its objective is to determine your readiness for a full assessment.
The Stage 2 audit is conducted on-site and includes an in-depth assessment to verify the effectiveness of your management system and of the implemented controls. The auditor assesses compliance with the standard's requirements and reports any non-conformances or potential non-conformances that will have to be corrected before certification can be issued.
Once the Stage 2 audit has been completed successfully, a 'Statement of Certification' is issued, confirming compliance with the relevant standard. This certification is valid for a 3-year period from the date of issue.
Surveillance audits will need to be performed on an annual basis to maintain your certification.
It is imperative to Risk Associates that impartial and transparent assessment and accreditation services are provided to each client. We highly appreciate and encourage comments and feedback from concerned parties on the performance of the applicant and the certification body, in order to improve our services. We vow to address all enquiries, including suggestions, complaints, appeals and reports of misuse of accreditation status or scheme owner logos, with equity and in an appropriate and timely manner.