Helping reduce information security risk and maximise opportunity
In an increasingly digital world, data breaches pose a growing threat to organisations and their customers.
The ISO 27001 standard provides a framework for organisations to better protect information and take clear, informed and cost-effective decisions on security controls and risk mitigation.
With many public and private sector tenders now demanding certification, it also provides a competitive advantage in an increasingly crowded marketplace.
Our approach to ISO 27001 looks to add value and maximum impact throughout the process rather than just tick-box auditing. We offer insight into problems and hurdles organisations face in achieving it and work in collaboration with your in-house teams to overcome them effectively and with the least cost.
Did you know...
Having the right controls in place to comply with ISO 27001 can also help your organisation save significant time and resources in complying with other requirements.
Given card data is classed as personal data, one set of testing procedures can help ensure you have the evidence required for compliance across different standards such as GDPR and ISO 27001.
Our insight helps organisations see where they can gain competitive advantage by developing an approach which can quickly achieve compliance across multiple standards.
Our wider information security credentials, including Payment Card Industry Data Security Standard (PCI DSS) expertise, helps businesses gain maximum impact from the certification process.
ISO 27001 is the internationally recognised standard for industry best practice cyber security.
Organisations that are certified to ISO 27001 often find it easier to assure partners and customers that they meet information security expectations. The standard changed in 2022 so even if you have been certified before, there is work to do to maintain your certification. Our experts can help you at every step of your ISO 27001 journey, from starting to align your processes to the standard, to helping you find a certification body readying you and supporting you during your audit.
A wealth of experience in ISO 27001 implementation
Our team has supported over 150 ISO 27001 projects and our specialists work with clients to achieve and maintain their certifications every month of the year. We can provide all the practical, pragmatic support you need to make your project go smoothly.
Rodney Julius, CISO, Interpath Advisory
How does the process work?
An ISO 27001 project typically takes two weeks to one month to complete, though this will vary depending on the current maturity of your information security management system and the scope you want to cover.
We will work with you to agree the project size and costs as we start to work with you.
The process often begins with a gap analysis that helps us to understand the work you will need to complete and the support you will need from us. The gap analysis typically takes on average three days to complete.
You will receive a report setting out our findings and recommendations, and we will then discuss together which of the recommendations you can address yourselves and where you will need help from us.
Once we have agreed the action plan we will start work.
Gemserv offers two services that you should consider when you think about your ISO 27001 project.
- Cyber Threat Intelligence
The latest version of ISO 27001 requires organisations to have access to actionable cyber threat intelligence information. Gemserv’s cyber threat intelligence platform provides a curated feed of information tailored to your organisation to help you recognise and address the emerging threats that are of most significance to you.
- ISO 27701
ISO 27701 is the sister standard to ISO 27001. It extends your information security management system to include your privacy information management system, so it reassures your partners, suppliers and customers that you protect personal data to the standards they expect. Organisations that have both ISO 27001 and ISO 27701 are likely to find it easier to provide acceptable answers when asked to complete due diligence questionnaires.
Our ISO 27001 Experts
- Mandeep Thandi
Director of Cyber & Privacy
- Mark Railton
Practice Lead – Cyber Security & Privacy Team
- Ian Hirst
Partner, Cyber Threat Services
- Camilla Winlo
Head of Data Privacy
- Ian Rutland
Head of Cyber Security
- Kaveh Cope-Lahooti
Principal Consultant – Data Privacy