ISO 27001

When you need to get certified, but a lack of time or in-house know-how is getting in the way,
I can help.

Efficient

My proven process and expert guidance will enable you to achieve ISO 27001 certification up to 80% faster than doing this in-house.

Effective

My certification-ready document templates ensure you meet the requirements of ISO 27001 the first time around.

Enjoyable

Clients frequently say that my guidance, focus, and pragmatism turn a frustrating process into an (almost) enjoyable experience.

ISO 27001: Why?

Win New Business

ISO 27001 certification proves that you are taking security seriously. It could give you an edge over your competition.

Certification proves you are not high risk.

Keep Existing Clients

Enterprises and regulated firms are asking detailed questions about your security. When you are ISO 27001 certified, you have the right answers.

ISO 27001 means fewer questions.

Be More Secure

ISO 27001 is regarded as the global standard in Information Security Management.

In case we forget this is about security.

ISO 27001: What?

Do It

You will need to implement the mandatory requirements of the ISO 27001 standard.

This is not about technical security.

Prove It

To get certified, your work will be thoroughly checked by internal and external auditors.

Auditors aren’t cheap.

Sustain It

You need to sustain your security activity, as you will be audited at least annually.

Even when the day job gets busy.

ISO 27001: How?

Do It In-House

With the right skills and enough time, you could do it in-house.

Do you have the time & skills to do it?

Use a Platform

There are online platforms that will help you manage the project and documentation.

But they won’t do the work.

Bring in Expertise

Get help from people who have done this before and know how to avoid the pitfalls.

Why wouldn’t you pick this option? :)

How Can I Help?

I will ensure you are ready to attain and retain ISO 27001 certification without losing your sanity.

Step 1: Readiness Assessment

The Readiness Assessment Workshop enables you to gain a detailed understanding of the requirements of ISO 27001 and to identify the key actions you will need to complete before you are ready for ISO 27001 certification.

Over the course of a half-day or day (depending on the size and complexity of your organisation), we will meet in-person or online to:
  • Walk through each of the different requirements of ISO 27001 (Sections 4 – 10 of the standard, and the 93 Annex A security controls).
  • For each requirement, we will discuss what ‘good’ / compliant looks like.
  • We will then identify the gap between good / compliant and where you are right now.

After the workshop:

  • I provide a bulleted Readiness Assessment Report to remind workshop participants of the key gaps identified.
  • For larger organisations or where appropriate, I can also provide a higher level report to get the organisation’s senior decision makers up-to-speed on these key gaps.

Outcome: You will know what it will take for you to certify to the requirements of the ISO 27001:2022 standard and where your biggest challenges are likely to be.

Step 2: Roadmap Planning

After Step 1, if you decide that ISO 27001 is the right thing for you right now, I can help you formulate a logical roadmap and implementation plan.

While Step 1 is focused on identifying WHAT needs to be done, Step 2 focuses on HOW, WHO, and WHEN.

Over the course of a half-day or day (depending on the size and complexity of your organisation), we will meet in-person or online to:
  • Review the key gaps identified.
  • Walk through my proven approach to address these gaps.
  • Discuss how this approach will work within your organisation, including who is likely to be best placed to do it, how they can do it, and when they will need to do it.

Outcome: You will know the logical steps and phases that you should follow in your ISO 27001 alignment / certification project, so you don’t lose momentum and you don’t lose your sanity.

Step 3: Implementation

Using the Readiness Assessment and the Roadmap as the guide, and my methodology and document templates as the boost, I can drive, or guide, the project so you can align to the requirements of ISO 27001.

When you are ready for certification, I can provide you with access to independent internal audit expertise, help you select an external audit provider, and liaise with these auditors during the audit & certification process.

Outcome: You will get ISO 27001 certified with ease and with sanity.

Step 4: Ongoing Support

ISO 27001 is not a ‘one-and-done’ and getting certified is not the end. You need to maintain and sustain specific activities to retain your certification. During the implementation, I will show you how to do it. Some organisations can still have trouble because the ‘day job’ prevents their people from completing all of the required activities.

My retained support will ensure their day job does not put your ISO 27001 certification at risk.

Outcome: You retain your ISO 27001 certification. And your sanity.

Where to Start?

Getting ISO 27001 certified is a significant commitment (in time, money, and attention).

Before you make that commitment, you should make sure it is the right thing for you to do right now.

If you’d like my help to figure this out, or to discuss whether I’m the right person to help you with this, let’s talk.

My Guarantee: This is NOT a sales conversation – It will focus on helping you decide if ISO 27001 is the right direction for you. If it is right and you are interested in understanding if / how I could help you, we can certainly talk about that. But it is not the purpose of this call.

Alternatively, if you want to get in touch using the Contact Form to tell me more about your situation, I will revert with my initial view on whether ISO 27001 is right for you right now.