ISO 27001 - The Process
ISO 27001 Gap Analysis
The first step in an ISO 27001 project is usually a gap analysis.
By reviewing your current processes against the ISO 27001 standard, Spritzmonkey will identify any control gaps and provide a health report of current control effectiveness and problem areas. This is an excellent way to kick off your organisation's project to achieve ISO 27001 certification, as the gap analysis will enable you to estimate the likely effort required to implement the main ISO 27001 certification project.
At the end of the assignment you will typically receive a report containing:
Executive summary including any high-risk areas
Assessment of management system elements
Assessment of security controls against Annex A of the standard
Recommendations and next steps
Need help?
Please contact us to arrange a telephone or face-to-face appointment to discuss your needs.
ISO 27001 Certification Process
Spritzmonkey can take you through the whole process of achieving ISO 27001 certification, from the moment your business decides the standard is one it wants to achieve through to support and management of the resulting Information Security Management System.
The implementation project can be achieved as either a coaching and mentoring service to your internal resource or by outsourcing some or all of the project. By using Spritzmonkey to guide your ISO 27001 certification project you will be utilising our tried and tested methods and skills. You will also have access to our existing document templates and knowledge of what it takes to succeed in ISO 27001 certification.
Your ISO 27001 certificate will be issued by a UKAS-accredited certification body. We can work with you to obtain quotes and assist with the selection process. This independent assessment is carried out by your choice of certification body and we are happy to help you regardless of which one you choose.
We can help with all aspects of the project including:
Initial gap analysis
Project planning and management
Setting an appropriate scope
Risk assessment
Defining the Statement of Applicability (SoA)
Policy creation
Staff awareness training
Internal audits
Management review meetings
Preparation for external audit so you succeed first time
Full liaison with UKAS-accredited audit body
Next steps
Get In Touch
To discuss ISO 27001 or anything else please get in touch using the form below or the other contact details on our site.