ISO 27001 certification demonstrates your commitment to managing the security of your organisation’s information systems, processes and policies as effectively as possible. It will provide reassurance to your client base that you have robust procedures in place to mitigate cyber risk and protect their data.
However, becoming ISO 27001 certified is a major undertaking and often over-stretches internal resources. It’s usually easier to seek expert support from a third-party, although the market can prove to be a minefield, with many service providers offering templates and quick fixes that over-promise and under-deliver. In truth you can’t cut corners on compliance.
Dionach is a professional cybersecurity consulting firm that assists clients with various aspects of ISO 27001 certification. They provide expert support to organisations seeking to establish, implement, and maintain an effective information security management system (ISMS) in line with ISO 27001 requirements.
Dionach can assist with conducting risk assessments, defining security policies and procedures, implementing necessary controls, and developing documentation required for ISO 27001 compliance. They also offer guidance on security awareness training, internal audits, and readiness assessments to ensure clients are well-prepared for ISO 27001 certification.
Dionach’s expertise helps organisations navigate the complexities of ISO 27001 and successfully achieve certification while mitigating cyber risks and protecting their valuable data.
Our consultancy services are tailored to meet your needs. Whether you require a single day of training or complete support throughout your ISO 27001 journey, we can help. Typical consultancy engagements include:
A gap audit is an analysis of your organisation’s infrastructure and information systems designed to understand what you need to do to achieve certification.
It’s a good starting point if you need to scope out your project and determine what budget and resource will be required.
Dionach’s consultants will visit your business, review your current policies, procedures and practices, and produce a detailed Gap Analysis Report which outlines your current compliance levels and highlights any areas that need to be addressed.
ISO 27001 compliance involves regular internal audits of your Information Security Management System (ISMS) to check ongoing conformance with the standard.
Our highly experienced team of auditors will conduct a full evaluation and produce a detailed report outlining areas of non-conformance and suggesting corrective actions.
We typically deliver this face-to-face to enable a more in-depth discussion of any issues identified during the audit process. Our auditors are also available to deliver the necessary remediation work as required.
The Gambling Commission requires that all license holders comply with Remote Gambling and Software Technical Standards (RTS) and that annual security audits are undertaken by an independent, qualified security specialist.
Dionach’s auditors are fully conversant with the industry standards, have extensive experience in conducting audits, and produce reports suitable for submission to the Gambling Commission.
We also assist operators in achieving compliance with the relevant areas of the information security standard ISO 27001, as required by the Gambling Commission.
It’s important to note that ISO 27001 does not provide a specific checklist of requirements. Instead, it offers a framework for establishing an Information Security Management System (ISMS) and requires organisations to tailor their implementation based on their unique context and needs. However, here are some general areas that organisations typically address when working towards ISO 27001 compliance:
It’s important to consult the ISO 27001 standard itself and engage with an experienced consultant or auditor to ensure a comprehensive and tailored approach to achieving ISO 27001 compliance. Dionach can help develop a checklist specific to your organisation’s needs and guide you through the certification process.
We have documented frequently asked questions about our ISO 27001 service. If you cannot find the answer to your questions, please do get in touch directly. We’ll be happy to help.
ISO 27001 is an internationally recognised standard for information security management. Its primary objective is to help organisations establish, implement, maintain, and continuously improve an information security management system (ISMS).
ISO 27001 consists of several essential components, including the context of the organisation, leadership involvement, planning, support, operation, performance evaluation, and improvement.
ISO 27001 defines risk management as the systematic application of policies, procedures, and practices to identify, assess, treat, monitor, and communicate information security risks.
Implementing ISO 27001 involves several key steps, such as conducting an initial risk assessment, defining the scope, developing a risk treatment plan, implementing security controls, performing internal audits, and undergoing certification audits.
The risk assessment helps organisations identify and evaluate information security risks, including potential vulnerabilities, threats, and impacts, to determine appropriate controls and mitigation measures.
ISO 27001 requires organisations to identify information assets, determine their value and ownership, classify and label them, and define appropriate handling and protection measures.
ISO 27001 certification is valid for three years, during which regular surveillance audits are conducted to ensure ongoing compliance.
ISO 27001 certification helps improve an organisation’s security posture, enhances customer confidence, facilitates compliance with legal and regulatory requirements, and enables the organisation to win new business opportunities.
ISO 27001 requires organisations to establish procedures for identifying, reporting, and responding to information security incidents, as well as conducting post-incident reviews and implementing necessary corrective actions.
Internal audits help organisations assess the effectiveness of their ISMS, identify areas for improvement, and ensure compliance with ISO 27001 requirements and controls.
ISO 27001 provides a set of control objectives and controls in Annex A. Control objectives define high-level security goals, while controls are specific measures that can be implemented to achieve those objectives.
The information security policy aims to establish the organisation’s commitment to information security, define the overall objectives and scope of the ISMS, and provide a framework for setting security objectives and requirements.
We deliver the whole spectrum of cyber security services, from long-term, enterprise-wide strategy and implementation projects to single penetration tests.
Our team works with you to identify and assess your organisation’s vulnerabilities, define enterprise-wide goals, and advise how best to achieve them.
Our recommendations are clear, concise, pragmatic and tailored to your organisation.
Independent, unbiased, personalised – this is how we define our services. We guide you to spend wisely and invest in change efficiently.
Our experience with ISO 27001 certification was exceptional. The process was well-organized, and the consultants provided us with valuable insights and guidance throughout. The certification has significantly enhanced our information security framework and increased our clients’ trust in our services. We highly recommend pursuing ISO 27001 certification with Dionach.
Thanks to ISO 27001 certification, we have instilled a culture of security within our organization. It has empowered our employees and reassured our clients that their information is in safe hands. The consultants we collaborated with were extremely professional and thorough. They conducted comprehensive risk assessments, developed robust security policies, and provided practical recommendations for improvement.
ISO 27001 certification has been a game-changer for us. It has given us a competitive advantage, demonstrating our commitment to data security and setting us apart from the competition.
Dionach played a crucial role in helping us achieve ISO 27001 certification. Their expertise and guidance throughout the process were exceptional. They meticulously assessed our information security practices, identified vulnerabilities, and provided practical recommendations to strengthen our security posture.