ISO 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System for an organisation.
Steelhenge is a member of the British Standards Institution's Associate Consultant Programme for ISO 27001 and our staff include qualified lead auditors for ISO 27001.
This means we are able to assist you with developing an Information Security Management System aligned with ISO 27001:
- Developing the scope of the ISMS and conducting a full gap analysis of existing procedures and controls
- Defining the Information Security Policy
- Creating the Action Plan
- Preparing the initial Statement of Applicability
- Compiling the Information Asset Register
- Conducting the Risk Assessment
- Compiling the Risk Register
- Creating the Risk Treatment Plan
- Preparing the final Statement of Applicability
- Conducting a pre-audit review
We can also help you to integrate ISO 27001 with other existing management systems such as ISO 9001, ISO 14001 and BS 25999.