We help companies and organizations prepare for ISO/IEC 27001:2022 certification. Our certification preparation services help organizations build and implement an effective Information Security Management System (ISMS) using the provisions of the ISO/IEC 27001:2022 framework.
Our years of experience in getting clients of all sizes and complexities successfully certified across the country and across various industries give us the insight needed to understand the specific requirements of the standard, how each clause or control should be implemented to satisfy them, and thereby how to satisfy the auditors of the registrar certifying body (RCB), leading to certification.
Our certification preparation service framework is presented in the following infographic:
Step 1:
Scope:
We help define the scope of the ISO/IEC 27001 ISMS implementation. When a company or organization decides to implement an ISMS, it first needs to define the scope: simply put, identify and decide what information the company intends to protect. This is required for ISO 27001 certification under Clause 4.3.
Step 2:
Policies:
Once the scope is defined, we help create all ISMS policies.
Step 3:
Identify Assets:
We identify all assets that need to be covered under the defined ISMS scope. The assets should include databases, applications, systems, people, processes, technology and physical locations.
Step 4:
Risk Assessment & Treatment Plan:
We build a robust risk assessment and risk treatment plan. The plan should include building a risk register that records assets, threats, vulnerabilities, impact, likelihood, necessary controls, residual risk and risk acceptance criteria.
Step 5:
Gap Analysis:
Once the risk treatment plan is drawn up, we conduct a gap analysis to identify the gaps between the security controls required by the standard and the security controls already applied within the ISMS scope. The gap analysis report leads to a security improvement plan.
Step 6:
Remediation Plan:
We work with your IT/security and management teams to get the required controls (per the gap analysis report) implemented to the specifications of the standard.
Step 7:
Training & Awareness:
We help your team build the organization-wide security training and awareness program.
Step 8:
Stage 1 & Stage 2 Audits:
We prepare you for the external certification audit (Stage 1 and Stage 2) and provide continuous support as required.