ISO/IEC 27001 support

ISO/IEC 27001 frames information security management through a management system — the ISMS. The firm builds it to the size of the organisation: scope, risk assessment, policies, statement of applicability. The selected measures stem from the risk analysis, not from an undifferentiated application of the annex.

An ISMS is only worth having if it is actually used. The firm prepares the internal audit and the certification audit, and puts in place practices that hold up over time. Certification itself is issued by an independent accredited body.