ISO 27001

Consultancy Section

Certification Methodology

ISO-27001 Service Methodology Details

Gap Assessment and Scope Definition

Initial certification begins with a thorough understanding of your organization’s posture, an assessment of your organization’s current information security state against ISO 27001 standards, and a definition of the scope for ISO 27001 certification.

Training and Implementation Support

Cyber Knight delivers online security awareness sessions for all employees in the scope of the certification and trains the stakeholders responsible for the ISMS implementation on the defined ISMS framework. We also provide ongoing support for the implementation team and advisory services. This includes one round of performance measurement to measure the effectiveness of the ISMS implementation.

Pre-Audit Assessment

Cyber Knight’s ISO 27001 consulting team conducts an internal audit against the ISO 27001 standard and develops a corrective action report for the closure of the audit findings. We conclude with a confirmation of the organization’s readiness for the external ISO 27001 certification.

Risk Assessment

An information asset register is developed to reduce asset duplication, encourage greater efficiency and spot any potential risks. Risk assessment activities are used to identify and evaluate all possible security threats and vulnerabilities in the system before defining the risk appetite of the organization to plan for risk mitigation or treatment actions.

ISO 27001 Certification Support

Finally, Cyber Knight experts identify and select an external certification body, coordinate with certification auditors, and assist in the certification audit by providing all required documents and evidence for the auditor. We also provide full support to maintain your ISMS performance.

ISMS Framework Development

Next, we develop the policies and procedures for ISMS (Information Security Management System) implementation. This includes defining the governance structure for the organization’s ISMS and developing the process required to support the ISMS implementation, including policies and procedures and performance metrics to evaluate the ISMS implementation.