Book FREE Consultation

URM is pleased to provide a FREE 30-minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

ISO 27001 Consultancy Services

  • Guaranteed ISO 27001 certification
  • Tailored ISMS implementation
  • Highly skilled auditors

Speak to an ISO 27001 expert

Having assisted over 400 organisations to implement an ISMS and then achieve ISO 27001, we at URM are the ideal experts to help you certify.

Speak to one of our experts for more information on how we can help you certify. Simply call 0118 206 5410 or use the contact form.


Industry-leading ISO 27001 Consultants

Having been involved in implementing ISO 27001, the International Standard for Information Security Management Systems (ISMS), since its inception, URM has unrivalled insights into the Standard’s requirements and how best to satisfy them. URM’s ISO 27001 consultants are adept at supporting all stages of the Standard’s lifecycle, from conducting gap analyses and risk assessments through to ongoing management system and control audits. URM can offer your organisation full lifecycle services or one of the more specific services detailed below in order to achieve either ISO 27001 conformance or ISO 27001 certification.

Our URM consultant was most helpful. Very constructive with her thoughts. She completely understood the technology we are using to monitor the ISMS, which allowed her to fully appreciate the documentation.
IT solutions provider

ISO 27001:2022 Transition

Following the publication of ISO 27001:2022 on 25 October 2022, URM became one of the first UK organisations to achieve certification to the updated Standard in April 2023. Our in-depth knowledge of ISO 27001 combined with our own early transition experiences means we are ideally placed to help your organisation either certify or transition to ISO 27001:2022.

  • Consultancy services where we will work with you in a bespoke manner to prepare for, and successfully transition to, the 2022 version of the Standard.  Transition services URM can provide include conducting a gap analysis, as well as providing support with risk assessment/treatment activities and internal audits once changes have been implemented
  • 2-day ISO 27001:2022 Transition training course where an experienced and practising URM ISO 27001 consultant will provide practical advice on the different approaches you can take when transitioning to ISO 27001:2022
  • Automated risk assessment tool Abriska, which has been updated with the new control set.

Not certified?

If you are not certified, there has never been a better time to develop an information security management system and achieve ISO 27001 certification. URM can help you with the services listed below. If you would like to understand more about the benefits and what’s involved in implementing ISO 27001, please register your interest here and we will be in touch.

ISO 27001 Gap Analysis

With our ISO 27001 gap analysis, URM will assess both your existing information security framework or management system and your information security controls.   With regard to the former, our ISO 27001 consultants will review both your documentation and your working practices in order to identify what gaps exist in relation to the requirements contained in the mandatory clauses (4-10) of ISO 27001.  Similarly, with regard to the information security controls or measures, we will identify what gaps exist in relation to the controls of Annex A of the Standard.

Risk Assessment

ISO 27001 is fundamentally a risk-based standard, where you can identify the risks that are specific to your organisation’s information assets and how best to treat them based on your risk appetite. Utilising its proven ISO 27001 risk assessment tool, Abriska, URM can assist you in identifying not just the threats to your information assets, but also the likelihood and impact of them occurring. Once you have identified your greatest risks, you are then able to prioritise your risk treatment activities and maximise your time, effort and budget. With Abriska, you will also be able to run all the necessary (ISO 27001) reports, i.e., Statement of Applicability (SoA), risk register and risk treatment plan (RTP). The software tool is fully compatible with the 2022 version of the Standard, is populated with all the new controls and offers a variety of transition options.

Developing Policies and Processes

The risk assessment will determine what policies and processes need to be developed and implemented. Some may be existing policies and processes which need amending or refining, whereas others may need to be developed from scratch. Whichever it is, URM will ensure they are developed with 2 goals in mind. Firstly, they will be tailored to match your culture and style and reflect what you actually do. Secondly, our consultants will ensure that anything produced will fully meet the requirements of ISO 27001. URM can assist you in the development of your IS Policy, along with all the supporting policies and processes.

Developing your ISMS Framework and Infrastructure

In order to conform with the requirements of ISO 27001, you will need to establish a framework and management system.  URM will draw upon its experience and help you establish some of the key components such as:

  • An information security forum (ISF)
  • Monitoring and measurement mechanisms for management systems
  • An information security training and awareness programme.

Internal Auditing

Auditing plays a critical role in ensuring that your organisation’s management system is operating effectively. A significant challenge for many organisations is a lack of sufficiently competent resources or those with sufficient impartiality to cover all auditing needs. With URM, our ISO 27001 auditors are skilled and knowledgeable not only in audit techniques, but also in the subject of the audit, whilst at the same time demonstrating independence from the area being audited. URM can offer your organisation a flexible range of audit services, from planning and implementing a full 3-year ISO 27001 audit programme to conducting individual audits against any aspect of the ISMS or any specific controls.

Full Implementation Support

As well as providing consultancy support against the above-mentioned areas, URM’s ISO 27001 consultants can also provide guidance and knowledge transfer across the full implementation lifecycle of the Standard. Furthermore, URM can offer your organisation 2 levels of support:

  • The first level of support is where URM takes the lead in terms of development, and you review and approve
  • The second level of support involves URM providing a ‘light touch’ advisory and mentoring service, with you taking responsibility for developing your ISMS and URM reviewing all outputs to assess if they fully meet the relevant requirements of the Standard.

Interim Information Security Manager

A further ISO 27001 service we can provide is our Interim Information Security Manager Service to cover for absence or while you recruit a permanent resource.  Equally, URM’s interim resource may be required to manage a specific project, e.g., implementing a management system or complying with a new regulation, or addressing a turnaround or change requirement.

Without doubt, URM helped us to achieve our planned objectives a lot sooner than expected. The engagement was a huge success and couldn’t have gone any better.
Postal service company


Why URM for ISO 27001?

Risk management expertise

Getting the assessment and management of information security risk right is critical. It is also an area where URM excels and where clients can take advantage of URM’s in-house risk management module, Abriska, with its robust and proven risk assessment methodology and the extensive experience and expertise of its ISO 27001 consultants.

Achieving optimum balance

When helping develop your ISMS, URM’s goal is to achieve the optimum balance between meeting the mandatory management system requirements of ISO 27001 and ensuring your management system is fully sustainable and tailored to your organisation’s size, culture and business objectives.

Track record

URM has an unparalleled track record of assisting over 400 organisations to achieve and maintain ISO 27001 certification and is proud to have never been involved in a failed certification project. Our clients have ranged in size from micro businesses to multinationals and come from a diverse range of market sectors and, due to our tailored approach, every one of the 350+ implemented ISMSs has been different.

Practice what we preach

URM has been certified to ISO 27001 ever since the Standard was first introduced in 2005. Furthermore, it became one of the UK’s first organisations to transition to ISO 27001:2022 in April 2023. The experiences gained in maintaining and transitioning certification help to ensure our consultancy and training services remain current and relevant.

We are immensely grateful to URM for their unwavering support, professionalism, and expertise throughout our ISO 27001 and Cyber Essentials Plus journey. Their guidance and strategic insights have been invaluable. With URM's continued partnership and support, we are confident in our ability to proactively address emerging threats and keep our business secure.
IT consultancy
URM has played a vital role in helping us and our clients achieve Cyber Essentials, Cyber Essentials Plus, and ISO 27001 certifications. URM's expertise and dedication have been key to the success of this process, and their assistance has enabled us to enhance our cybersecurity posture significantly and provide our clients with the highest level of protection against cyber threats.
IT consultancy

We've been using URM for our PCI DSS assessments for the last 5 years and we are pleased with their service. The assessment is always completed promptly, the price is competitive, and communication is great. We'll keep using them and are happy to recommend URM to anyone.