Small business ISO 27001 solution

As more and more large and public sector organisations start to demand ISO27001 compliance from their suppliers small and medium sized businesses need to act.

Parker Management Consultants offer a highly popular small business ISO27001 solution that gets organisations moving towards ISO27001 at a fraction of the cost of the traditional route, but with no reduction of quality.

Incorporating our unique web based ISO27001 portal and interactive training quiz for all employees on data security it makes the Standard real and relevant in the small business environment.

Our ISO27001 small business solution is divided into a number of discrete stages. Each stage is scoped and priced separately so that the business owners know the time and investment required to reach the next stage.

1. ISO27001 benchmark survey

The first step for most clients is a free ISO27001 benchmark survey to assess your organisation against the Standard. On completion of the benchmark survey a report is produced covering all control areas deemed relevant and conclusions which will be discussed with your lead consultant.

2. Risk Assessment and Statement of Applicability

This activity is undertaken by specialist consultants using our ‘in-house’ system based upon ISO27005: 2011 – Risk Assessment Standard. The purpose of this assessment is to: identify possible key information assets within the organisation and their owners, identify possible threats to these assets, identify vulnerabilities that might be exploited by the threats and to identify impacts of confidentiality, integrity and availability on such assets.
 
The results are documented in a full risk assessment report.
 
A Statement of Applicability details the relevant controls that are applicable to the organisation’s Information Security Management System (ISMS).

3. Portal Creation

A unique feature of the Parker Management Consultants approach to ISO27001 compliance is the creation of a web based ISO27001 portal. Available to all who need access via secure password login the portal features an interactive information security quiz, which can be tailored to your business, security video clips as well as additional resources to support your commitment to meeting the Standard.
 
The portal is designed, so that you can integrate other management Standards, such as ISO9001 in the future; with complete ease.

4. Management Control Procedures

Our consultants will draft with your management team, all the required controls selected from Annex A. in the Standard. We will discuss with you the relevance of such controls, the theory behind each requirement and how your organisation might wish to comply. You will be provided with sample documents and models to assist with compliance. All work is completed on at your premises.
 
Once agreed the sample and template documents will be loaded to your ISO27001 portal.

5. Training and Review Session

This optional onsite training session looks at the Information Security Management systems now in place and explores the use and understanding of the ISO27001 portal. It addresses the results of the employee quiz, progress with policies and procedures, the risk assessment results, statement of applicability as well as reviewing selected controls.
 
Although optional clients that undertake this stage say it is invaluable in measuring progress and assessing whether staff have fully embraced the principles around information security management.

6. Full Review

At this stage our senior consultant will undertake a review with the organisation’s top management, to assess the impact of the ISO27001 management system.
 
Many organisations make careful business led decisions about the applicability of heading towards independent external certification at this stage.
 
Some organisations find that there are considerable expenses incurred in aligning all of their systems and operations to address ISO27001, and wish to delay implementation. Others wish to proceed to registration without delay.
 
Some find ‘change’ related concerns cause severe obstacles. Our lead consultant holds a Master’s degree in Management Learning and Change from one of the UK’s premier research universities plus seventeen years’ experience of dealing with such problems and can provide guidance.
 
Many CEO’s thank us for not actively ‘pushing’ assessment upon their organisations, and allowing a period of reflection and review prior to deciding if they wish to advance towards certification.
 
Having completing all of these stages your organisation will have embraced the full concepts of ISO27001. Training will have been provided, and the organisation will have a highly developed web-based ISO27001 management system, that can be linked to the organisation’s main website. This will provide considerable ‘trusted partner’ assurance that you have aligned your operations with ISO27001.

7. Full ISO27001 Assessment

If you wish to proceed towards ISO27001 registration with a premier certification body such as BSI or SGS (both UKAS approved) the consultancy team can provide full support through the process including:
 

  • Full ISO27001 lead audit, conducted by our 27001 lead audit team. This is to verify compliance of your operations to the Standard.
  • Produce a report detailing non-conformity and possible remedy solutions
  • Examine further training needs
  • Liaise with your selected certification body on assessment criteria
  • Assist with your first management review meeting
  • Assisting with security key-performance measures
  • Review in more detail your business continuity arrangements

For help at any or all of these stages contact Parker Management Consultants on 0121 704 1354.

Parker Management Consultants, 1st floor, Dominion Court, 43, Station Road, Solihull, B91 3RT Contact us here