The standard ISO 27001 gives the requirements to which a Information Security Management System (ISMS) must answer.
Our experiments of audit, council and formation enable us to establish two reports.
Between the moment or the company decides to set up a ISMS and the moment when it is made certify ISO 27001, the sequence is usually the following one:
Finally the audit of certification carried out by an accredited organization of certification takes place. A failure which can have financial consequences, delays and losses of market, it especially acts not to miss it.
- Inventory of fixtures of the practices of safety in the company.
- Training of the key people to the standard ISO 27001 (in general, between one and three people)
- Implementation of ISMS
- Preliminar audit of ISMS to check that all is ready, before the start of certification's audit.
Each case is particular. According to the sphere of activity and the size of the company, work to set up a SMSI will not be the same one.
These services are independent the ones compared to the others and can be qualified and ordered when you need some, at the rate/rhythm of the advance of your project.
Certain companies have excellent practices as regards safety, others less. Some have a culture of oral tradition, others of written tradition. Etc
These two reports lead us to propose a range of services covering the entirety of the phases of the deployment of a ISMS: