ISO 27001 - Information Security Management

ISO 27001 consultant support

As ISO 27001 consultants we have helped businesses in London, Kent, Sussex, Surrey, Essex and beyond to achieve ISO 27001 certification. Whether in person or through remote consultancy, our experienced consultants will help you implement a valuable ISO management system which is tailored to your business.

We see ourselves as your partners, working together to strengthen your information security. We have 5 principles we stand by when helping you to implement an ISO 27001 Management System:

 

We will remove the stress & confusion from the process

We will help you to engage people at every level of your business

No bureaucracy - no documents for the sake of it - only tailored solutions

We will utilise technology to streamline and integrate your management system into the business

We will push you to achieve best practice but will always remain pragmatic

 

Free 1 hour consultation

Undertaking ISO 27001 is both a financial and resource commitment. We are pleased to offer a free 1 hour consultation session to help you understand how far you may currently be from achieving certification, the typical timescales for certification and the internal resources you will need to make available for the project. Please call on 020 3018 0026 or submit a request here to book a session.

 

1 day gap analysis

If you are looking to determine where your business currently stands with regard to meeting the ISO 27001 requirements, we provide a 1 day gap analysis session. During this session we will take each of the core requirements of the standard, assess your level of compliance and produce a report that outlines your areas of strength, your areas of weakness and the actions that need to be taken. Please call on 020 3018 0026 or submit a request here to book a gap analysis.

 


 

Your business is unique - your management system needs to be unique too

We believe there is no place for a cookie cutter approach to ISO 27001 - trying to apply an off-the-shelf package of policies and procedures will quickly leave you feeling burdened by paperwork that has no measurable benefit.

Instead, we ensure that our ISO 27001 consultants have significant industry and ISO experience so we are able to apply our accumulated knowledge in a way that is aligned to your business. Although this will take a little bit more consultation work than an off-the-shelf solution, the benefits are real. To ensure that time is spent on activities that really bring value, we have a significant library of tools and documentation that we tailor to the unique requirements of your business.

 


 

Features of our implementation

We start every implementation by learning about your business, its infrastructure, your aims for certification and your key perceived risks. This allows us to focus on the areas that will bring you most benefit.

We then arrange a series of calls and in-person visits, covering the requirements in the ISO 27001 standard. An optimised implementation involves 2SB consultants introducing three to four ISO 27001 aspects during each session, discussing them with you to tailor their exact application, and once you feel confident, leaving you to make progress.

In each subsequent session the work that you have completed will be reviewed together with the consultant, to ensure the approach is working and that the requirements of the ISO 27001 standard are met. For more information about the ISO 27001 standard and how the certification process works, see our detailed guide.

 


 

Using technology

At 2SB we embrace technology, but recognise that each business has a different level of adoption.

We can just as easily use a digital project management tool as a traditional action list to guide the ISO 27001 implementation - we will work in the way that most suits you.

There is an ever-increasing number of great software solutions available for managing every aspect of a business, from the onboarding of new employees to creating digital learning platforms for staff training. We can make suggestions for how these may complement your business and streamline internal processes. We have found the best implementations use the productivity applications you already have in place, with Airtable, Monday, Google Sheets, Trello, Confluence, Jira and other applications all used effectively. The key is to integrate ISO 27001 into your working practices so it is fully embraced and isn't dusted off once a year before the auditor arrives.

For remote sessions we utilise a range of video conferencing software, having the capability to adopt your organisational preference.

 


 

Always available to support you

We are on hand whenever you have a question and believe in being generous with our time, since we are as genuinely committed to your management system as you are. Reach out to us today and we can help you define your strategy for implementing a UKAS accredited ISO certified management system.

ISO 27001 in startups

An increasing number of startups and growth stage technology businesses are being required to have ISO 27001 in order to demonstrate their information security credentials to corporate clients.

Our ISO 27001 consultants have significant experience working with startups and will implement an effective information security management system that fits with the culture of your business.

One of the common concerns of scaling businesses is that the implementation will place a significant workload on critical internal resources. Although a properly implemented ISO 27001 management system requires the dedication of a business, the process does not need to be burdensome.

We utilise the productivity tools you already have in your business to structure the implementation and deliver on many of the requirements of the standard. We have the full range of policies and procedures that you will require for the implementation, and will help you to tailor these.

There is no better time to implement an ISO 27001 management system than before the growth stage, as smaller teams accelerate implementation timeframes. The startups that we have worked with report a range of benefits, including: the clarity brought by creating a more comprehensive visualisation of network infrastructure; solid and repeatable onboarding processes; better administration of access to software, applications and servers; and confidence that the correct contracts are in place with critical suppliers, customers and contractors.

Everything worthwhile requires dedication; however, we will help you to streamline the implementation process and maybe even enjoy it a little...

Trust

  • We are a safe pair of hands and will get you certification
  • We mindfully engage team members at every level

Alignment

  • No bureaucracy, only useful processes and documentation
  • An implementation that will address your key business risks

Value

  • Help to capture your previously undocumented organisational knowledge
  • Achieve certification quicker with less drain on internal resource

Steps to certification...

Consultation – initial fact finding conversation in person or on the phone to understand more about your business

Proposal – when we understand what your needs are, we will produce a proposal that outlines the support required

Implementation – we will work with you over a series of onsite and offsite days to prepare you for an external audit

External audit – we can support you through the external audit to give you confidence in gaining certification

Ongoing support – we assist with annual audits and certification visits to ensure you retain your certification

Information security helps a healthcare business protect its data

Case Study

Meet a Consultant

Jon Passmore
Management Systems Consultant & Director

Frequently asked question

How does the certification process work? How do I get certification?

 


To progress with certification, firstly you will need to have implemented or be in the process of implementing the specific management system you are hoping to achieve certification against.

You don’t need to have fully implemented the system before contacting the certification bodies, however having made a start or knowing how far you have to go can help set a date to aim for.

Once you have in mind a date that you feel is realistic to work towards, the next step is to contact one or more certification bodies to ask for quotes. You will be required to provide information about your business (i.e. nature of your work, number of employees and the roles they do, number of sites) so the certification body can make a good approximation about how many days it will take an assessor to audit your business.

We recommend contacting at least two certification bodies since the price and number of days they expect the audit to take can vary. 2SB recommend that you always approach UKAS accredited certification bodies, as these certificates carry much more weight and you can be assured that your business is being correctly assessed.

Based upon the quotes received, you will need to decide the most appropriate body to certify with and set a date for your Stage 1 and Stage 2 audits.
