Are you seeking to be an ISO/IEC 27001 certified organization?
Getting a compliance audit from our certified experts will give you the assurance and confidence that your organization is ready for ISO/IEC 27001 certification.
We, at Risk Associates, offer a complete road map of services to assist our clients in developing and implementing a relevant and sustainable Information Security Management System (ISMS).
Key Benefits of achieving ISO/IEC 27001 Certification
Differentiation from your competitors by providing your organization with independent verification that your information security management system has met the requirements of this globally-recognized information security standard.
Reducing costs on additional compliance efforts. Common processes, procedures and controls implemented as part of ISO 27001 conformance can be leveraged for other compliance efforts such as PCI, HIPAA, and Sarbanes-Oxley.
Road Map Of Achieving ISO 27001 Compliance/Certification
Gaining an understanding of your business functions. Developing the required documentation and defining the scope of the ISMS. Developing and implementing a Document Control Procedure and a Records Management Procedure. Bringing senior management on board and developing the ISMS Manual.
Gap / Risk Assessment
This phase includes the identification and classification of critical assets by conducting interviews and completing questionnaires with all the departments within the scope of the ISMS. A Statement of Applicability (SoA) is generated as the output of this process.
Documenting Policies & Procedures
Based on the Statement of Applicability (SoA) and the ISO 27001 standard, our consultants will develop the ISMS documentation for the controls as defined in the ‘Annex A’ of the standard, covering policies and procedures.
Training & Awareness
Risk Associates consultants will conduct awareness sessions for the staff who will work with the ISMS, to ensure effective implementation of the controls and their continued operating effectiveness throughout the ISMS lifecycle.
PRE-CERTIFICATION COMPLIANCE AUDIT (INTERNAL)
After a successful internal audit, in which all identified non-compliances and improvement opportunities have been addressed through Corrective Action Requests (CARs), the actual certification audit can commence.
Having helped you prepare for the certification audit, we would like to help you further by selecting an independent certification body accredited to ISO/IEC 17021-1:2015 to perform the audit.
The certification audit consists of 2 stages:
The Stage 1 audit, conducted on-site and remotely, is a desktop assessment that evaluates your management system documentation, including policies, processes, management review records, scope and context, as well as system implementation. Its objective is to determine your readiness for a full assessment.
The Stage 2 audit is conducted on-site and includes an in-depth assessment of the effectiveness of your management system and of the implemented controls. The auditor assesses compliance with the standard's requirements and reports any non-conformances or potential non-conformances, which must be corrected before the certification can be issued.
Once the Stage 2 audit has been completed successfully, a 'Statement of Certification' is issued, confirming compliance with the relevant standard. This certification is valid for a 3-year period from the date of issue.
Surveillance audits will need to be performed on an annual basis to maintain your certification.
It is imperative to Risk Associates that impartial and transparent assessment and accreditation services are provided to each client. We highly appreciate and encourage comments and feedback from concerned parties on the performance of the applicant and the certification body, in order to improve our services. We vow to address all enquiries, including suggestions, complaints, appeals and reports of misuse of accreditation status or scheme owner logos, with equity and in an appropriate and timely manner.