{"id":717,"date":"2017-09-30T11:03:44","date_gmt":"2017-09-30T11:03:44","guid":{"rendered":"https:\/\/iso27001.solutions\/?page_id=717"},"modified":"2019-03-11T16:20:26","modified_gmt":"2019-03-11T16:20:26","slug":"isms-online-consultancy","status":"publish","type":"page","link":"https:\/\/ismsalliance.com\/services\/isms-online-consultancy\/","title":{"rendered":"ISO 27001 \/ ISMS Online Consultancy"},"content":{"rendered":"
The ISO 27001 Online Consultancy Service will have you ready for accredited certification to ISO 27001:2013 in just a few months for a one-off fee.<\/p>\n
ISMS ALLIANCE has worked with many clients over the last ten years to develop this unique service, enabling you to implement an ISMS (information security management system) and develop documentation that is suitably scaled to the size of your organisation.<\/p>\n<\/div><\/div><\/div>
This package is ideal for organisations of 19 people and fewer, including the CEO and management \/ executive team.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>
You should already have a basic level of cyber security in place (e.g. those measures indicated by the UK Government for small businesses). We advise clients to either have achieved Cyber Essentials certification (a UK cyber security standard) or be planning to achieve Cyber Essentials certification in parallel with their ISO 27001 project.<\/p>\n
Please see the section on Cyber Essentials at the end of this document for more information.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div> You will be assigned a qualified consultant who will work with you and undertake all the key activities of setting up a working ISO 27001 Information Security Management System which reflects your business objectives and requirements, and is suitably scaled to the size of your organisation.<\/p>\n The project follows our experts\u2019 proven methodology for implementing an ISMS.<\/p>\n 1. Project mandate<\/strong><\/p>\n The first stage focuses on collating information relating to your commitment to proceed with the project and producing an information security policy that reflects the appropriate objectives for your organisation. This will define the scope of the ISMS and facilitate the mandated management approval of essential documents.<\/p>\n 2. Project initiation<\/strong><\/p>\n This stage develops the project\u2019s goals and ensures that both the project and the ISMS succeed in delivering the objectives. With a project plan and key delivery dates in place, it\u2019s easy to keep track of the achievement of milestones and ensure the project is delivered on time.<\/p>\n 3. ISMS initiation<\/strong><\/p>\n The third stage involves compiling a list of the requirements of each ISMS process and the tasks required to develop and implement them. These will relate directly to the principal stages in the project plan and inform the assignment of tasks required to execute the plan.<\/p>\n 4. Management framework<\/strong><\/p>\n This stage addresses the critical ISO 27001 requirements relating to organizational context, scope and leadership, and ensures that the ISMS framework is aligned with and supports the delivery of business objectives.<\/p>\n 5. Baseline security criteria<\/strong><\/p>\n Any organisation already has a number of security controls in place. 
Ensuring these existing security controls meet the requirements of the relevant legislation, regulations and contracts early in the project can ensure an effective information security stance.<\/p>\n 6. Risk management<\/strong><\/p>\n This stage covers the development of a robust information security risk process and identification of appropriate information security risk treatments and controls. The default approach is an asset-based risk assessment, unless specifically required otherwise, and results in the essential Risk Treatment Plan (RTP) and Statement of Applicability (SoA).<\/p>\n 7. Implementation<\/strong><\/p>\n The implementation phase addresses both management system processes and information security controls to make sure that the design of the ISMS and operation of its processes are carried out in an appropriate manner.<\/p>\n Your consultant will work with you to develop the necessary documentation based upon a consolidated workbook that forms the basis for the ISMS. Your consultant will also help arrange access to online information security staff awareness training, which will ensure you meet this specific requirement of the Standard.<\/p>\n 8. Measure, monitor and review<\/strong><\/p>\n This phase establishes the effectiveness of the ISMS based upon measurable parameters, including ISMS processes and security controls. Key areas include an internal ISMS audit and management review; your consultant will facilitate the first management review meeting.<\/p>\n 9. Certification audit<\/strong><\/p>\n We will plan, conduct, report and follow up on the necessary internal audit prior to the certification audit.<\/p>\n One day\u2019s support will be available during the stage two certification audit.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div> We guarantee that you will achieve certification within the timeline of the agreed ISO 27001 project. 
This guarantee \u2013 which is subject to contract and to you providing the agreed resource and executing the project plan \u2013 ensures that we will meet any and all extra direct remedial costs necessary to ensure that you pass your final certification audit.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div> We support the integrity of the accredited certification process, which is governed by the International Accreditation Forum (IAF) and the national accreditation bodies that are its members, and ensures that certification bodies do not certify their own work. Accredited certificates are widely recognized as credible assurance regarding an organisation\u2019s information security capabilities and, as part of the ISO 27001 Consultancy, we will help you select an independent, accredited certification body to suit your budget, location, timescale and organizational culture.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div> As your organisation grows, you will need to develop and expand your documentation appropriately. 
Maintaining a healthy ISMS is a commitment that extends beyond certification, and you will need to set aside additional resources to ensure ongoing compliance with the requirements of ISO 27001.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div> Cyber Essentials<\/a> is a UK government scheme that describes a set of five basic technical security controls that need to be reflected in your information security stance.<\/p>\n <\/a><\/a><\/p>\n It aims to entrench cyber security into your approach to information risk management, and it helps smaller businesses like yours to uncover risks that they may not otherwise be aware of.<\/p>\n Once successfully implemented, Cyber Essentials can prevent around 80% of cyber attacks.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div> We will invoice you for your project on signature.<\/p>\n Payment is due within 28 days of invoice date.<\/p>\n This does not include the costs of accredited certification, which you pay directly to your chosen independent certification body.<\/p>\n ISO27001 Online Consultancy Service fees do not include travel and subsistence expenses, which will vary depending on your location, and are invoiced monthly at cost.<\/p>\n Ensure your organisation achieves ISO 27001 compliance in just a few months.<\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>Service Description:<\/h3>\n
Certification success guarantee:<\/h3>\n
Independent certification:<\/h3>\n
Next steps: maintaining your ISMS:<\/h3>\n
About Cyber Essentials:<\/h3>\n
Payment Options:<\/h3>\n
We Are Helping People Improve Their ISMS<\/h3>\n<\/div>