Call us on 03450 21 21 51

SRM Solutions
Consultancy & Compliance

ISO 27001

SRM guides you through the entire ISO27001 certification process, helping you to review continually and refine the way you handle information security, not just for the present, but for the future.

Why undertake ISO 27001 compliance?

Internationally recognised, the ISO 27001 standard is a framework that can help your organisation manage and protect its information assets, keeping them safe and secure. Compliance with the standard helps a business to identify risks to confidentiality, integrity and availability of information, and the controls required to decrease those risks to an acceptable level. It also builds resilience by identifying the required procedures to enable prompt detection of information security breaches.

Certification means a third party accredited auditor has performed an independent assessment of all processes and controls and confirms that operations are in alignment with the comprehensive and widely-recognised ISO 27001 standard. Accreditation thereby signals your commitment to information security at all levels and demonstrates that your organisation is following international information security best practices. This level of reassurance enhances reputation and delivers greater business opportunities.

What are the challenges of ISO 27001 compliance?

Undertaking compliance with ISO27001 can be a rather intimidating prospect.  It requires risk assessments to be conducted, together with the design and implementation of a comprehensive suite of information security controls (and other forms of risk management) which address both company and architecture security risks on an ongoing basis. It can be a long and rather costly process, depending on what level of pre-requisites are already in place and what further steps are needed to ensure they are put in place. Correctly scoped at the outset, however, the exercise can be conducted in the most cost-effective way and will deliver significant benefits.

Why SRM?

SRM’s consultancy team is experienced in all aspects of preparing organisations for ISO27001 accreditation. We start with a pre-audit which establishes the level of security readiness, using a gap analysis process to determine what remediation activities need to be undertaken and establish a detailed plan of action. We provide guidance on the potential scope to include in an organisation’s ISO 27001 activities and identify the appropriate controls required to ensure accreditation is achieved. SRM will guide you through the entire certification process, helping you to review continually and refine the way you handle information security, not just for the present, but for the future.

Associated services

Cyber Essentials

The SRM team is experienced in all aspects of Cyber Essentials certification. We can do as much or as little as is required.

GDPR

Our team provides a business-focused service to organisations of all types and size, at all ends of the GDPR-readiness spectrum.

PCI DSS

The SRM PCI DSS compliance team includes leading QSAs who use their wealth of experience to help organisations at all levels to understand not only how to comply but also how to reduce costs.

VirtualCISO™/VirtualISM™

At SRM we have developed VirtualCISO™ and VirtualISM™, which are totally bespoke services, providing as much or as little as required depending on the individual company.


Related articles

Why get ISO27001 certification?

We are sometimes asked the question, why get ISO27001 certification? The answer is that the ISO standard, and ISO 27001 compliance in particular, demonstrates that your organisation takes information..

The key to GDPR is common sense

by Tom Fairfax, Managing Director It is not often that EU-wide legislation is likened to a children’s story. Consider, however, the story of Goldilocks and the three bears. When..

The NIS Directive: who does it apply to and what will it mean?

May 2018 is a big month for cyber security. Not only will the EU General Data Protection Regulation (GDPR) come into effect but a new UK Data Protection Act..