Services for ISO27001

With security breaches and incidents regularly making headlines, compliance with the ISO 27000 family of standards is both desirable and, in many cases, a customer or other requirement for companies.

Gap analysis

Because ISO 27001 works with the way your company actually operates, rather than imposing a fixed set of policies and conditions, a gap analysis is the necessary first stage before any audit. It lets you justify accepting a reasonable level of security risk where operational expediency warrants it; however, those justifications must themselves be reasonable, and they must be formally agreed at the appropriate levels of the business.

Preparation for the ISO 27001 audit.

Once the gap analysis is complete, you can decide whether to push forward to ISO 27001 certification in the short term, or to take a medium-term route that improves your overall security management with the aim of achieving certification when it is operationally expedient.

Development of policies.

Consistent security across a business is best set out in policy documents that provide a reference point for all employees, whatever their level or experience. If you are seeking ISO 27001 certification, these documents form part of the evidence you will need to provide to the auditor. It is therefore important that they are prepared in a way that both meets the certification requirements and reflects the needs of your business. We can help you prepare these policy documents.

Develop your risk treatment plan.

Which controls ISO 27001 requires you to deploy depends on your organization's risk appetite and its own assessment of its security risks. Once the high and other significant risks have been identified, we can work with you to treat them in a way that, where possible, lets your business continue at the same or an improved level of efficiency. If you are aiming for certification, this work normally falls into two areas: a Security Improvement Programme before your certification audit, and an ongoing Risk Treatment Plan that covers both issues requiring longer-term fixes and new or recently recognized risk areas.

Design and implementation of necessary controls

Once controls and their supporting procedures have been designed and implemented, it is important that their relevance and effectiveness can be monitored and tracked, so that issues flagged by that monitoring can be addressed before they become incidents.

Staff Security awareness.

Security awareness must be an ongoing part of the organization's operational activity. You will need security awareness training as the backbone of your ISO 27001 preparations, and you and your staff will also need to be made aware of new issues and hazards from time to time. However, businesses today are often unwilling or unable to pay for traditional full-day or half-day security awareness training. Our approach relies on innovative methods that make sparing use of traditional presentation-style sessions, so that training can be delivered efficiently and effectively.

These training programs are compliant with ISO 27000 standards as well as recommendations from the Financial Services Agency.

Idrach Ltd is not accredited to provide certification audits and therefore cannot offer such services. We can, however, work with you to select an appropriate provider with knowledge of your business area(s) that can fit in with your other requirements.