ISO 27001 implementation and certification

The world’s most widely used information security standard

The international standard ISO/IEC 27001:2013 “Information technology — Security techniques — Information security management systems — Requirements” is the most recognized worldwide framework for building modern Information Security Management Systems (ISMS) and for their official certification.

This standard is the key document in the ISO 27000 family of standards.

ISO 27001 implementation
De jure and de facto standard
ISO 27001 is the most commonly used information security (IS) standard. It has been adopted in many countries. Many other standards are built on it, so you will save on implementing them.
Real managed security
ISO 27001 is the key to building an effective comprehensive security system, and it brings together the efforts of IT professionals, security officers, lawyers, HR managers and various other specialists.
Government incentives
ISO 27001 certification is often mandatory for participation in government procurement and tenders. Some regulations require security certification and your company can be fined for non-compliance.
Clients and investments
The ISO 27001 certificate will allow you to attract large foreign and local clients and investors, and convince them that your security is properly managed.

H-X Technologies provides a turnkey implementation of the international standard ISO 27001. We prepare your organization for independent auditing and certification, and support you even after you receive an official certificate. At the same time, the ISO 27001 standard is so valuable in practice that some customers implement it purely for themselves, even without official certification.

Our approach to implementation begins with simple steps so that you receive the first results for free. This also introduces you to the process and helps you understand how the implementation works and your role in it:

1. Preparation
We prepare a self-assessment questionnaire for the current state of your ISMS. Then we develop and document the scope (business processes, departments, offices, etc.) and detail the project plan for the initial audit and gap analysis.
2. Initial audit
We clarify the scope determined in the contract, interview your managers and specialists, and collect evidence confirming that your organization has operational security controls. We assess the current compliance with the standard’s requirements and perform a gap analysis. We develop and approve the implementation plan and specify the timing and resources needed. This phase takes up to 1 month.
3. Implementation
We implement physical security and a GRC-class tool for ISMS management. We inventory and categorize the assets, identify and assess the information risks, and develop about 40 policies and procedures required for an ISMS. We define and implement security measures and processes: change management, incident management, network security, SDLC, etc. We implement risk management, perform training and implement security KPIs. We develop an implementation report and issue a certificate of implementation. This phase takes 4-9 months on average, depending on the coverage area and the state of your ISMS.
4. Certification
We choose a UKAS- or DAkkS-accredited auditor, which provides international recognition. We organize an independent certification audit, where we present the ISMS to the auditor on your behalf. Based on the results of the certification audit, an audit report is generated containing an assessment of compliance and recommendations for correcting deficiencies. After the deficiencies are corrected, an official certificate from an independent auditor is issued confirming compliance with ISO 27001. This stage takes 1-2 months on average.
