We provide certification preparation services to help companies and organizations get ready for ISO/IEC 27001:2013 certification. Our services give organizations an efficient way to build and implement an effective Information Security Management System (ISMS) using the provisions of the ISO/IEC 27001:2013 framework.
We, at ARC Tech, have immense experience in getting our clients (of all sizes and complexities, from various industries across the country) successfully certified. This experience gives us the necessary insight to understand the specific requirements of the standard, as well as the process required to implement each control or clause to satisfy the needs of the standard and thereby of the auditors of the Registrar Certifying Body (RCB), leading to certification.
The infographic presents the steps of our Certification Preparation Service Framework.
Step 1: Scope
The process starts with defining the scope of the ISO/IEC 27001 (ISMS) implementation. When a company or organization decides to implement an ISMS, the first step is to define its scope. In other words, it is necessary to identify and decide on the information and assets that the company intends to protect. This step is required for ISO 27001 certification under Clause 4.3.
Step 2: Policies
After the scope is defined, we help the company create all required ISMS policies.
Step 3: Identify Assets
The next step after defining policies is the identification of all assets to be covered under the defined scope of the ISMS. The assets must include databases, applications, systems, people, processes, technologies in use, and physical locations.
Step 4: Risk Assessment & Treatment Plan
In this step, we build a strong risk assessment and risk treatment plan. The plan must include building a risk register that contains: Assets, Threats, Vulnerabilities, Impact, Likelihood, Controls Necessary, Residual Risk, and Risk Acceptance Criteria.
Step 5: Gap Analysis
After drawing up a comprehensive risk treatment plan, we conduct a Gap Analysis to determine whether there are gaps between the security controls required by the standard and the security controls already applied within the ISMS scope. The Gap Analysis report generated in this step results in a security improvement plan.
Step 6: Remediation Plan
We work with the company’s IT/security and management teams to get the required controls (as per the Gap Report) implemented to the specifications of the standard.
Step 7: Training & Awareness
In this step, we help companies/organizations build an organization-wide security training and awareness program.
Step 8: Stage 1 & Stage 2 Audits
We help prepare for the external certification audit (Stage 1 and Stage 2) and provide continuous support as and when needed.