Information Security & ISO 27001 Certification Consulting

What is ISO 27001 Certification? What are Information Security Management Systems?

ISO 27001 is an internationally recognized standard for Information Security. Once an organization has independently verified that they have successfully met the requirements of ISO 27001 and ISO 27002, they can achieve ISO 27001 Certification - a valuable certification for their customers and their employees.

An Information Security Management System gives you the freedom to grow, innovate and broaden your customer-base in the knowledge that all your confidential information will remain that way. With growing sensitivity and heightening data protection requirements around sensitive information, ISO 27001 is one of the fastest growing International Standards that organizations are seeking - particularly in the service, financial and technology sectors.


Benefits of ISO 27001 Certification

  • Customer satisfaction by giving confidence that their personal information is protected and confidentiality upheld
  • Business continuity through management of risk, legal compliance and vigilance of future security issues and concerns
  • Legal compliance by understanding how statutory and regulatory requirements impact the organization and its customers
  • Improved risk management through a systematic framework for ensuring customer records, financial information and intellectual property are protected from loss, theft and damage
  • Proven business credentials through independent verification against recognized standards
  • Ability to win more business particularly where procurement specifications require certification as a condition to supply


Two Types of Management Systems - Functional vs. Performance

There are predominantly two types of Information Security Management Systems that can be implemented: Functional-based and Performance-based, and there are significant differences between them. Functional systems are designed and implemented purely to gain ISO 27001 Certification (what we refer to as minimalist systems). Performance systems are fully aligned with the business model of the organization and are geared towards enhancing the organization's existing competitiveness.

Kelmac Group specializes in performance-based Information Security Management Systems, including ISO 27001 Certification.

  • Fortune 500 Food and Beverage Company

    We worked in partnership with the Food and Beverage company [FBO] team and employed a number of initiatives to improve the firm’s competitiveness, operational controls and operational efficiency.

  • Zevas Communications

    Kelmac Group assisted Zevas with the adoption of a consistent and best practice approach via their information security controls and practices within a relatively young organization. This will help Zevas Communications provide a competitive, innovative and cost effective level of customer contact and communication service to their clients.

  • LuLu International Exchange

    Kelmac Group helped LuLu International Exchange achieve a positive business change as the organization transitioned from a business funded organization to a sustainable and profitable organization. The project also included the successful achievement of ISO 9001:2015 Certification.

  • Fortune 500 Food and Beverage Company Case Study

    Learn about how ISO can improve a firm’s competitiveness, operational controls and operational efficiency through process excellence.

  • Zevas Communications Case Study

    Learn about how ISO 27001 Certification will help Zevas Communications provide a competitive, innovative and cost effective level of customer contact and communication service to their clients.

  • LuLu International Exchange Case Study

    Learn about how this organization transitioned from a business funded organization to a sustainable and profitable organization including the successful achievement of ISO 9001:2015 Certification.

How can Kelmac Group & ISO 27001 Certification help your business succeed?

  • THE ONE SYSTEM MODEL APPROACH

    The unique Kelmac Group® One System Model enhances organizational compliance, effectiveness and efficiency by including all of the organization's business processes alongside the ISO 27001 requirements and processes, creating a business-focused Information Security Management System with ISO 27001 Certification inside.

    Many organizations are interested in ISO 27001 Certification. We are the right fit for organizations that want to achieve certification but also want a system that is bespoke to the needs of their business, includes all their business processes and adds continuous value beyond that which is typically associated with ISO 27001 Certification.

What is our ISO 27001 Consulting Process?

With over 20 years' ISO consulting experience working with many organizations and industries, we have developed The Kelmac Group® 9-Step Roadmap to Going Beyond Certification. Each step is described below, along with how we can add enormous business value to your processes and how you operate as a business.

Step 1 Foundation

This module focuses on the organization’s top leadership team and planning. The aim is to ensure the Top Leadership team can actively lead, participate and manage the management system from the outset.

Step 2 Process/Risk Management

This module focuses on the organization's business and management system processes and product/process risk assessments. The aim is to build and/or enhance the organization's processes and to identify the related product and process risks, risk mitigation and controls.

Step 3 Objective/Process Alignment

This module focuses on the design of the organization's internal controls, including alignment between goals and process controls. The aim is to ensure the business internal controls meet the needs of the organization.

Step 4 Human Resource System

This module focuses on the design of the organization's structure, people, culture/behavior, and competency framework. The aim is to ensure the organization structure, culture, behaviors and HR system support the organization's management system.

Step 5 Information Security Health Assessment & Controls

This module focuses on the health assessment and the design and development of the organization's information security controls based upon ISO/IEC 27002. The aim is to ensure the information security controls protect the organization's commercially sensitive information assets.

Step 6 Document Management System

This module focuses on the design and development of the organization's document management system. The aim is to ensure the document management system is effective.

Step 7 Implement The Management System

This module focuses on implementation of the organization's management system. The aim is to ensure the management system is flawlessly implemented and the expected benefits are fully realized.

Step 8 Check The Management System

This module focuses on verification of the organization's management system. The aim is to ensure the organization's verification system provides stakeholders with the assurance and insight to improve performance, if required.

Step 9 Certification Audit

This module involves coaching/mentoring during the initial certification audit process. The aim is to ensure the initial certification outcome is successful.

How Long Does It Take To Achieve ISO 27001 Certification?

One of the most common questions with this type of project is 'how long does it take?'. There are various considerations, but the main ones include: is there a hard client/contract deadline? Are there available resources to support the project internally? The exact scope of work required and any potential complexity are also key considerations. Many organizations will want to aim for an efficient turnaround, but it is common for the amount of work required to be underestimated. The below gives an example of average timelines from start to certification based on the size of the organization. These are guidelines only; each project varies and, in all cases, is based on the client's needs.

  • 3 to 6 months (Small Business*)

    The average for a small business would be between 6 – 9 months. In general, the shorter the timeline, the higher the intensity of the project. A key consideration is whether there are available resources who can commit to the agreed workload required for the preferred project duration.

  • 9 Months (Medium Business*)

    This is the average project duration in the experience of Kelmac Group®. A 9 month project has moderate intensity but generally doesn't overload a client, particularly where resources who will be involved on the project internally will already have other priorities and responsibilities.

  • 12 Months (Large Business*)

    This is a conservative project duration for small to medium enterprises but one that is common on larger, more complex projects. Certain projects may even extend up to 18 months.

*Each client project varies; the above are project averages to serve as a guideline only.


What Resources Do We Need For An ISO 27001 Certification Project?

Small Business

Each and every business is different, and it depends on the availability of resources and whether or not they have the 'bandwidth' to meet the internal demands of the project. An average project would involve 2-3 internal resources sharing responsibilities as part of the project.

Medium Enterprise

There are similarities in the challenges resources face whether you are a small, medium or large enterprise. An average project would involve 3-5 internal resources sharing responsibilities as part of the project.

Large Enterprise

This would vary for each enterprise based on the scope of the project and its complexity, including the enterprise's structure. On average, we have seen specific steering committees formed, including implementation teams of 20+ assigned. The size of the organization, number of locations and complexity would more accurately determine the level of resources involved and would be a key outcome from Step 1 in the Kelmac Group® 9-Step Roadmap.
