ISO27001

Planning and Preparation:

​

Get Management Buy-in: Secure leadership support and commitment to dedicate resources (time, budget, personnel).

---

Appoint an ISMS Project Leader: Designate OCM to oversee the implementation process. 

---

Define the ISMS Scope: Determine which assets, processes, and systems will be protected.

---

Assemble an ISMS Team: Utilise OCM as your team with the necessary skills and knowledge.

​

Gap Analysis and Risk Assessment:

​

Conduct a Gap Analysis: Compare existing security measures against ISO 27001 requirements to identify areas for improvement.

---

Perform a Risk Assessment: Identify potential threats, vulnerabilities, and their impact on your organisation's information assets.

---

Develop a Risk Treatment Plan: Outline how identified risks will be addressed (accepted, reduced, transferred, or avoided).

​

 ISMS Development:

​

Write Key Documentation: Create policies (e.g., Information Security Policy, Access Control Policy), procedures, and other relevant ISMS documents. OCM will undertake this as part of the project.

---

Select and Implement Controls: Choose appropriate controls from Annex A, considering your risk assessment and the nature of your business.

​

Staff Training and Awareness:

​

Conduct Training: Educate all employees on information security best practices, ISO 27001 requirements, and their roles within the ISMS.

---

Promote Security Awareness: Foster a security-conscious culture within the business.

---

Utilise OCM's Cyber Awarness Training to implement.

​

 ISMS Operation:

​

Implement the ISMS: Put policies, procedures, and cybersecurity controls into practice throughout the organisation.

---

Monitor and Measure: Track key metrics and performance indicators to gauge the ISMS's effectiveness.

---

Utilise OCM's Network Operations and Security Operations centres to provide compliance data.

​

 Internal Audit and Management Review:

​

Conduct Internal Audits: Regularly assess your ISMS compliance and identify areas for improvement. OCM can provide an independant auditor to perform this function.

---

Management Review: Top management must review the ISMS's performance, address shortcomings, and make strategic decisions.

​

Certification Audit:

​

Select a Certification Body: Choose an accredited certification body to perform the audit.

---

Stage 1 Audit: A preliminary review of your ISMS documentation.

---

Stage 2 Audit: A thorough on-site audit to verify ISMS implementation and effectiveness.

​

 Continuous Improvement:

​

Address Audit Findings: Implement corrective actions to resolve any non-conformities identified during the audit.

---

Maintain and Improve: Strive for continual improvement of your ISMS, adapting to changing risks and emerging technologies. OCM will agree regular reviews with and keep you appraised of issues, changes and improvements.

​

Here are some of the benefits of implementing ISO27001:

​

Reduced risk of cyber attacks: ISO27001 can help you to reduce the risk of cyber attacks by implementing a comprehensive information security management system.

---

Improved compliance: ISO27001 can help you to comply with regulatory requirements, such as the General Data Protection Regulation (GDPR).

---

Reduced costs: ISO27001 can help you to reduce the costs of cyber security by implementing a proactive approach to security.

---

Improved reputation: ISO27001 can help you to improve your reputation by demonstrating that you are taking security seriously.

​

 

We can help you to implement ISO27001 and achieve certification.

 

We have a team of experienced security professionals who can help you to assess your current security posture, to develop an ISMS, and to implement the necessary controls. We can also provide you with ongoing support to help you to maintain your certification.

​

If you are interested in learning more about how we can help you to implement ISO27001, please contact us today. We would be happy to discuss your specific needs and to provide you with a free consultation.