About ISMS ALLIANCE

We’re committed to helping organizations worldwide obtain the benefits of international standard ISO 27001:2013 as quickly and effectively as possible.

We believe in the ability of international standards to improve business operations and protect what matters. That’s why we are certified to both ISO9001:2015 and ISO/IEC 27001:2013 and we operate a combined management system as part of our daily business.

You can rest assured that OUR team has all of the essential knowledge to help you become ISO certified, fast and effectively.

Meet The Team

Dylan Chavez

FOUNDER

CISSP, ISO IEC 27001 Lead Auditor & Lead Implementer, ITIL Expert and PRINCE2 Practitioner

Leona Hudson

CO-FOUNDER

ISMS Solutions Specialist, CISSP, CIPP/E, ISO IEC 27001 Lead Auditor and ITIL Expert.

Howard Harmon

DIRECTOR

Information Security Specialist, CEH, OSCP, COMPTIA + Security, CCP Senior Practitioner and SIRA.

98%

Successful
Applications

99%

Return On
Investment

100%

Completely
Secure

Why ISMS ALLIANCE ?

100% certification guarantee

ISMS ALLIANCE guarantees that our clients will achieve ISO 27001 certification within the agreed timeline. This guarantee is subject to contract and applies where the client meets the resource, competence and task completion requirements of the agreed project plan, and where the scope of the ISMS is not materially changed without agreement on both sides.

Global ISO 27001 pioneer

Our ISO/IEC 27001 consultancy services use methodologies and tools that have been developed and honed over more than 20 years.

Knowledge transfer to support client independence

Where appropriate, ISMS ALLIANCE focuses on developing clients’ knowledge and confidence in implementing and independently maintaining an effective ISMS. This approach reduces the need for continued support and minimises any additional costs being incurred.

Demonstrable track record

ISMS ALLIANCE has experience of many successful management system certification and cultural change projects, and has helped more than 400 clients with their certification projects.

Deep technical expertise

Our extensive expertise in ISO 27001, IT governance, the Payment Card Industry Data Security Standard (PCI DSS) and other leading standards means that we can help you cost-effectively integrate your ISMS with other security frameworks. Our comprehensive security solutions include Qualified Security Assessor (QSA) services for the PCI DSS, and CREST-accredited penetration tests. Clients can rest assured that work is delivered by qualified and knowledgeable individuals, and meets rigorous industry standards.

Recognised by third-party accredited certification bodies

ISO 27001 Solutions is independent of vendors and certification bodies, and encourages clients to select the best fit for their needs and objectives. ISO 27001 Solutions is widely recognised among UKAS-accredited certification bodies as a leading consultancy.

Any Questions?

Each toolkit consists of items created using Microsoft Office and delivered in 2010 format so that they can be opened and edited by Microsoft Office 2010 and later. Most templates are Word documents but there are also Excel spreadsheets, PowerPoint presentations and Visio diagrams within the toolkit. Some products also include a Microsoft Project file containing a plan for the implementation, and this is reproduced in Excel for customers who don’t use Project.

Once your order is submitted and accepted you will be able to download your product straight away from our site. You will also receive an email that contains a link to a secure site where you will be able to download later if you choose to. Each product consists of a zip file containing the full set of document templates. This means you will need a copy of Winzip or similar to access them. Once downloaded, just unzip the file and your toolkit will be available for you to get started.

Anything! You can change the layout, add sections or take them out, no problem. If you want to copy the content and insert it into your own document then that’s fine too. The documents are not locked down in any way so there are no restrictions on what you can do with them. Some Excel files have protected cells or sheets so that you don’t accidentally change them but no password is used so this can be removed if you choose to.

We currently have customers using our toolkit successfully in more than ninety countries including the USA, UK, UAE, Australia, Canada, South Africa, Indonesia, Germany, Ireland, The Netherlands, Nigeria, Malaysia, China, India, Russia, Saudi Arabia, France, Switzerland, and many more. Because the standard ISO IEC 27001 is international the requirements are the same in every country and we try our best to reflect regional variations where possible.

The toolkit will save you time because the documents you need to comply with the standard are already created and populated with meaningful content that is relevant to most organizations. So you have a huge head start compared to beginning with a blank page and a copy of the standard. Also, because the format of the documents and spreadsheets you will need to complete is already defined, you can concentrate on getting the contents exactly right for you without worrying too much about the structure.

To get the most out of implementing each of the standards, you will need to spend some time making the documents your own and reflecting your own specific organisation, culture, technical infrastructure, geographical location(s) and applications.

This is an essential part of making the standard work for you and the purpose of the toolkit is to guide you through this tailoring process. Full instructions on how to tailor the documents are included both within each document and in the comprehensive Implementation Guide.

Editing is normally done online within the workspace provided (with full revision/audit trail). We recommend using this workspace wherever possible as you can create links to other relevant areas of the platform, making for a much-improved user experience. In some instances, you may choose to upload documents and yes, they can all be ‘checked-out’ to show other users they are being worked on and then uploaded as a new version.
Whichever method you choose to manage your policies, full revision history and version control is taken care of.

Yes. You can copy and paste them directly into the Notes areas within your ISO 27001 framework, or you can upload a Word file. Either way, you’ll have a full audit trail of date, time and revisions.

Our platform supports all standard file formats including Word, Excel, pdf, video, sound, ppt, png, and many more.
You can also hyperlink to existing documentation in your Google Drive or Shared folders.

We constantly refine and update the templates based on feedback from customers and auditors and as part of our work as qualified consultants. In order for the update process to be as manageable as possible for us and our customers, we usually publish an update package several times a year, with details of what has been updated in the update Toolkit. We will notify you by e-mail when an update is available.

Our toolkit is designed to help you implement a management system that meets the requirements of each international standard. To become certified, you need to use a Registered Certification Body (RCB) in your country who will conduct a two stage audit process to verify that you meet the requirements. Once you have passed the second audit, your organization will be certified. We recommend you use a UKAS (UK Accreditation Service) or ANAB (ANSI-ASQ National Accreditation Board) accredited RCB for your audit. The costs of certification will be quoted to you in advance by the RCB you choose. Once certified, there will be an annual surveillance visit to confirm that your management system is still operating according to the requirements of the standard.

Given the business we’re in, we take security very seriously so all communication between your browser and our website is encrypted using the TLS protocol. As a company we are ISO/IEC 27001:2013 certified so we’re audited on a regular basis to make sure we do everything we can to protect your data.

Although we don’t hold credit card data ourselves, we are PCI-compliant and we make use of secure, PCI-compliant third parties.

Our base currency for pricing is the British Pound (£). We don’t use dynamic pricing in other currencies because our customers have told us that this makes it difficult for them in obtaining approval for purchases within their organization. Instead we keep an eye on currency fluctuations and make changes if we believe there is a case for it. This is normally when the change is significant and is likely to last for a reasonable period of time.

The payment providers we use have a variety of different ways to evaluate each credit card transaction and decide whether to accept it. This is outside of our control and sometimes you may find that a valid card is rejected on the first attempt. We would suggest that you check the details of the card including the registered address, number, expiry date and CVV code and try again. If you still have no success you can contact us to discuss alternative methods of payment, the main one being bank transfer.

We retain your data for one month post termination. This gives you ample time to export or copy any information out of your environment.

Our online platform is designed for easy team working and management overview, and as such, most of your ISMS work will be undertaken on the platform.
However, we recognise the need for external reporting and, therefore, there are a number of reporting and exporting options which produce in various MS Word, Excel and PDF options depending on the nature of the report being requested. You can print out the screen too using your browser print screen options, and relevant pages have been styled up. You can also export a report of the current policies and controls, with links to any documents identified too.
The important ones are the risk management, applicable legislation & interested parties tables – all are exportable to Excel.
Measurement and KPI reports are exportable too and, where start and due dates have been entered in your project, you have the ability to export to a Gantt chart if required.

We currently only promote our SaaS version of the software on the website. We can offer an on-premise option by exception but it is much more expensive than our SaaS offering for obvious reasons and would require some up front consulting work too. Our complete SaaS services start around just £350 per month for micro businesses whereas the on-premise starts at £50,000 GBP regardless of organisation size.

Ready to Talk