ISO 27001 implementation and certification

Home / Services / Security compliance / ISO 27001 implementation and certification

The world’s most widely used information security standard

The international standard ISO/IEC 27001:2013 “Information technology — Security techniques — Information security management systems — Requirements” is the most recognized worldwide framework for building modern Information Security Management Systems (ISMS) and for their official certification.

This standard is the key document in the ISO 27000 family of standards.

	De jure and de facto standard ISO 27001 is the most commonly used information security (IS) standard. It has been adopted in many countries. Many other standards are built on its basis, so you will save on implementing them.
	Real managed security ISO 27001 is the key to building an effective comprehensive security system, and it brings together the efforts of IT professionals, security officers, lawyers, HR managers and various other specialists.
	Government incentives ISO 27001 certification is often mandatory for participation in government procurement and tenders. Some regulations require security certification and your company can be fined for non-compliance.
	Clients and investments The ISO 27001 certificate will allow you to attract large foreign and local clients and investors, and convince them that your security is properly managed.

REQUEST A QUOTE

H-X Technologies provides a turnkey implementation of the international standard ISO 27001. We prepare your organization for independent audit & certification and support you even after you receive an official certificate. At the same time, the ISO 27001 standard is so valuable in practice that some customers implement it purely for themselves, even without official certification.

Our approach to implementation begins with simple steps so that you receive the first results for free. This will also introduce you to the process and help you understand how the implementation works and your role in it:

Preparation

We prepare a self-assessment questionnaire for the current state of your ISMS. Then we develop and document the scope (business processes, departments, offices, etc.), detailing the project plan for the initial audit and gap analysis.

Initial audit

We clarify the scope determined in the contract: interviewing your managers and specialists, collecting evidence that confirms your organization has operational security controls. We assess the current compliance with the standard’s requirements and perform a gap analysis. We develop and approve the implementation plan and specify the timing and resources needed. This phase takes up to 1 month.

Implementation

We implement physical security. Implement a GRC class tool for ISMS management. Inventorize and categorize the assets. Identify and assess the information risks. Develop about 40 policies and procedures required for an ISMS. We define and implement security measures and processes: change management, incident management, network security, SDLC, etc. Implement risk management, perform training, implement security KPIs. We develop an implementation report and issue a certificate of implementation. This phase takes 4-9 months on average, depending on the coverage area and the state of your ISMS.

Certification

We choose a UKAS or DAkkS accredited auditor, which will provide international recognition. Organize an independent certification audit, where we present your ISMS for the auditor on your behalf. Based on the results of the certification audit, an audit report is generated containing an assessment of compliance and recommendations for correcting deficiencies. After their elimination, an official certificate from an independent auditor is issued confirming compliance with ISO 27001. This stage takes on average 1-2 months.

Check out our additional services and business cases. Send the form below to request an ISO 27001 audit or implementation. Get a free consultation.

REQUEST A QUOTE