Star Tips

ISO 27001

Ten steps to ISO 27001 Certification

Here are ten steps to help you achieve ISO 27001:2013 certification.

Step 1 Define the scope of your Information Security Management System (ISMS) and produce your Statement of Applicability.
Step 2 Undertake a gap analysis of your current policies and procedures.
Step 3 Produce any policies and procedures identified during the gap analysis as being incomplete, insufficient or out of date.
Step 4 Ensure risks are being managed effectively within your organisation.
Step 5 Ensure all roles and responsibilities have been identified in relation to the management of information security.
Step 6 Identify and train internal auditors, and undertake internal audits. Also ensure an independent audit has been undertaken prior to the Stage 1 Audit.
Step 7 Take corrective action regularly and document it.
Step 8 Complete the Stage 1 Audit successfully. The Stage 1 Audit is primarily focussed on your ISMS, to ensure that all mandatory policies and procedures have been produced and are embedded within your organisation.
Step 9 Ensure that any corrective action has been completed prior to the Stage 2 Audit.
Step 10 Complete the Stage 2 Audit successfully. The Stage 2 Audit will confirm that you are compliant with your ISMS and your Statement of Applicability.

If you would like further information, please contact us to discuss your requirements.