URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.
Having been involved in implementing ISO 27001, the International Standard for Information Security Management Systems (ISMS’), since its inception, URM has unrivalled insights into the Standard’s requirements and how best to satisfy them. URM’s ISO 27001 consultants are adept at supporting all stages of the Standard’s lifecycle, from conducting gap analyses and risk assessments through to ongoing management system and control audits. URM can offer your organisation full lifecycle services or one of the more specific services detailed below in order to achieve either ISO 27001 conformance or ISO 27001 certification.
Following the publication of ISO 27001:2022 on 25 October 2022, URM became one of the first UK organisations to achieve certification to the updated Standard in April 2023. Our in-depth knowledge of ISO 27001 combined with our own early transition experiences means we are ideally placed to help your organisation either certify or transition to ISO 27001:2022.
If you are not certified, now has never been a better time to develop an information security management system and achieve ISO 27001 certification. URM can help you with the services listed below. If you would like to understand more about the benefits and what’s involved in implementing ISO 27001, please register your interest here and we will be in touch.
With our ISO 27001 gap analysis, URM will assess both your existing information security framework or management system and your information security controls. With regard to the former, our ISO 27001 consultants will review both your documentation and your working practices in order to identify what gaps exist in relation to the requirements contained in the mandatory clauses (4-10) of ISO 27001. Similarly, with regard to the information security controls or measures, we will identify what gaps exist in relation to the controls of Annex A of the Standard.
ISO 27001 is fundamentally a risk-based standard, where you can identify the risks that are specific to your organisation’s information assets and how best to treat them based on your risk appetite. Utilising its ISO 27001 proven risk assessment tool Abriska, URM can assist you not just in identifying the threats to your information assets, but the likelihood and impact of them occurring. Once you have identified your greatest risks, you are then able to prioritise your risk treatment activities and maximise your time, effort and budget. With Abriska, you will also be able to run all the necessary (ISO 27001) reports, i.e., Statement of Applicability (SoA), risk register and risk treatment plan (RTP). The software tool is fully compatible with the 2022 version of the Standard, is populated with all the new controls and offers a variety of transition options
The risk assessment will determine what policies and processes need to be developed and implemented. Some may be existing policies and processes which need amending or refining, whereas others may need to developed from scratch. Whichever it is, URM will ensure they are developed with 2 goals in mind. Firstly, they will be tailored to match your culture and style and reflect what you actually do. Secondly, our consultants will ensure that anything produced will fully meet the requirements of ISO 27001. URM can assist you in the development of your IS Policy, along with all the supporting policies and processes.
In order to conform with the requirements of ISO 27001, you will need to establish a framework and management system. URM will draw upon its experience and help you establish some of the key components such as:
Auditing plays a critical role in ensuring that your organisation’s management system is operating effectively. A significant challenge for many organisations is a lack of sufficiently competent resources or those with sufficient impartiality to cover all auditing needs. With URM, our ISO 27001 auditors are skilled and knowledgeable not only in audit techniques, but also in the subject of the audit, whilst at the same time demonstrating independence from the area being audited. URM can offer your organisation a flexible range of audit services from planning and implementing a full 3 year’ ISO 27001 audit programme, to conducting individual audits against any aspect of the ISMS or any specific controls.
As well as providing consultancy support against the above-mentioned areas, URM’s ISO 27001 consultants can also provide guidance and knowledge transfer across the full implementation lifecycle of the Standard. Furthermore, URM can offer your organisation 2 levels of support:
A further ISO 27001 service we can provide is our Interim Information Security Manager Service to cover for absence or while you recruit a permanent resource. Equally, URM’s interim resource may be required to manage a specific project, e.g., implementing a management system or complying with a new regulation, or addressing a turnaround or change requirement.
Getting the assessment and management of information security risk right is critical. It is also an area where URM excels and where clients can take advantage of URM’s in-house risk management module, Abriska, with its robust and proven risk assessment methodology and the extensive experience and expertise of its ISO 27001 consultants.
When helping develop your ISMS, URM’s goal is to achieve the optimum balance between meeting the mandatory management system requirements of ISO 27001 and ensuring your management system is fully sustainable and tailored to your organisation’s size, culture and business objectives
URM has an unparalleled track record of assisting over 350 organisations to achieve and maintain ISO 27001 certification and is proud to have never been involved in a failed certification project. Our clients have ranged in size from micro businesses to multinationals and come from a diverse range of market sectors and, due to our tailored approach, every one of the 350+implemented ISMS’ has been different.
URM has been certified to ISO 27001 ever since the Standard was first introduced in 2005. Furthermore, it became one of the UK’s first organisations to transition to ISO 27001:2022 in April 2023. The experiences gained in maintaining and transitioning certification helps to ensure our consultancy and training services remain current and relevant.
URM’s blog discusses the changes to the requirements around threat intelligence in ISO 27001:2022 and what certified organisations will need to do differently.
URM’s blog explains how the principles of confidentiality, integrity and availability (CIA) can help align your information security controls with best practice