What is our ISO 27001 Consulting Process?
Getting ISO 27001 certification can be challenging. With over 20 years of ISO consulting experience working with many organizations and industries, we have developed the Kelmac Group® 9-Step Roadmap to Going Beyond Certification. We invite you to select the icons below to learn more about each step and about how we can add enormous business value to your processes and how you operate as a business.
Step 1 Foundation
This module focuses on the organization’s top leadership team and planning. The aim is to ensure the Top Leadership team can actively lead, participate and manage the management system from the outset.
This stage includes:
Information Security Organizational Health Assessment
Do you need customized services to assess the information security health of your organization and get a detailed overview of its alignment with the ISO 27001 standard? Apart from our 9-Step approach, which includes in-depth research into the organization’s information security environment, we also provide health assessment as a separate service to help organizations get a real-time view of their information security posture. The output is an Information Security Health Assessment Report, which provides top management with a view of the gaps identified. It also educates top management on the benefits of implementing the ISO 27001 ISMS framework to ensure compliance with industry best practices.
Business Case Preparation and Presentation
After we conduct an organization health assessment, and based on the gaps noted during that exercise, we can assist management in preparing a business case. The business case provides a comprehensive overview of the risks identified and of how we can assist in implementing ISO 27001 to address those risks and issues. It is presented to top management to make them aware of the identified risks and of the benefits of implementing ISO 27001 to mitigate these risks and maintain a robust ISMS tailored to their organizational goals and objectives.
Step 2 Process/Risk Management
This module focuses on the organization’s business and management system processes and product/process risk assessments. The aim is to build and/or enhance the organization’s processes and to identify the related product and process risks, risk mitigation and controls.
Step 3 Objective/Process Alignment
This module focuses on the design of the organization’s internal controls, including alignment between goals and process controls. The aim is to ensure the business’s internal controls meet the needs of the organization.
Step 4 Human Resource System
This module focuses on the design of the organization’s structure, people, culture/behavior, and competency framework. The aim is to ensure the organization’s structure, culture, behaviors and HR system support the organization’s management system.
Step 5 Information Security Health Assessment & Controls
This module focuses on the health assessment and on the design and development of the organization’s information security controls based upon ISO/IEC 27002. The aim is to ensure the information security controls protect the organization’s commercially sensitive information assets.
This stage includes:
Information Security Health Assessment/Controls
Successfully completed the ISO/IEC 27001 ISMS Stage 1 Audit but not sure of the adequacy of the controls and their operating effectiveness, which will be tested in the Stage 2 certification audit? We provide end-to-end services to help an organization implement the necessary information security controls as required by the ISO/IEC 27002 standard. We ensure that the controls within the organization are designed appropriately based on the risks identified and that they are operating effectively, which is a requirement for a successful ISO/IEC 27001 certification to be achieved.
Step 6 Document Management System
This module focuses on the design and development of the organization’s document management system. The aim is to ensure the document management system is effective.
Step 7 Implement The Management System
This module focuses on implementation of the organization’s management system. The aim is to ensure the management system is flawlessly implemented and expected benefits are fully realized.
Step 8 Check The Management System
This module focuses on verification of the organization’s management system. The aim is to ensure the organization’s verification system provides stakeholders with the assurance and insight to improve performance, if required.
Step 9 Certification Audit
This module involves coaching/mentoring during the initial certification audit process. The aim is to ensure the initial certification outcome is successful.