ISO 27001 Consulting Services – CVG Strategy Experts
Our ISO 27001 consulting services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS). Our team of experts brings extensive experience and deep information security process control expertise (including Exemplar Global ISO/IEC 27001:2013 Lead Auditor certification) to ensure that you achieve ISO/IEC 27001 certification, on time and on budget.
Our consultants will work collaboratively with you throughout the entire certification process, from ISMS Scope through on-site Certification Audit Support. CVG Strategy ISO 27001 Consulting Experts provide a variety of ongoing support services to successfully certified clients, often participating in Information Security Risk Assessments and conducting Internal ISMS Audits to support and help maintain the certification.
ISO 27001 consulting services include:
- ISMS Strategy and Framework Selection – The optimal approach to ISMS development must consider the industry, relevant regulatory compliance, and attestation requirements.
- ISMS Scope Determination & Optimization – The scope needs to be broad enough to ensure that it will satisfy key stakeholders (e.g., clients, shareholders) but narrow enough to ensure the initial effort remains manageable.
- Risk Assessment – ISO 27005 has an advantage over many other risk assessment standards in that it is well suited to a non-asset-based approach. This “information and the processes that act on it” approach yields a much more intuitive process that drives far greater value in less time.
- Risk Treatment Plan Development – The risk treatment plan defines the ISO 27002 controls that are required, and the extent to which each must be applied, to treat (mitigate) risk to a level that is deemed acceptable by management. It is a fundamental ISMS artifact and forms the basis/standard for the gap assessment.
- ISMS Gap Assessment – Defining the gap between the current and desired state of the ISMS (ISO 27001) is a key input into a “Prioritized Road Map” (Gap Remediation Plan).
- Security Controls Gap Assessment – Review of the gap between the current and desired state of the control practices is a priority input into a Gap Remediation Plan. ISO 27002 Gap Assessments are widely used outside of ISO 27001 certification efforts as a “best security practices” gap assessment and can also be used to serve as a form of design/operational attestation.
- Prioritized Road Map Definition – The road map defines all of the activities, the approach, and all responsibilities necessary to address identified gaps, with consideration of the schedule required to achieve project objectives, including certification.
- Gap Remediation Facilitation/Support – Ideally, gap remediation will be largely accomplished by the internal team. Alternatively, third-party services can be applied as required.
- Security Metrics – Security metrics are critical to the optimal operation of an ISMS, as they are integral to demonstrating the continuous improvement principles that are inherent in most companies’ successful ISMSs.
- Policy, Standards, & Procedure (subject matter) Support – ISO 27001 Consulting SME (Subject Matter Expert) services include coaching, mentoring, structure, version control, procedure preparation and training.
- Ongoing Risk Management Team Membership – A company may realize a benefit by having a CVG Strategy SME participate as a member of the Risk Management Committee to ensure the ongoing effectiveness of the Risk Management function. This is critical to the ongoing effectiveness of the ISMS. Many organizations favor the inclusion of an independent and objective third party with cross-organizational/industry expertise to optimize the operation of the Risk Management Committee.
- Incident Response Support – CVG Strategy SMEs can help you implement procedures and other controls that enable the timely detection of, and response to, incidents. Timely detection and response is essential to an ISMS and to the principles of continuous improvement.
- Internal Audit – Internal Audit Training or Internal Auditing Service (1st Party) to verify that the ISMS:
  - Conforms to the requirements of ISO 27001 and relevant regulations or laws;
  - Conforms to identified information security requirements; and
  - Is effectively implemented and maintained, and performs as expected.
- Certification Audit Support – Many organizations believe that having a CVG Strategy Exemplar Global Certified ISO 27001:2013 Lead Auditor on-site during one or both of the certification audit phases simplifies the process and reduces the risk that a non-conformance may be cited.