Many organisations choose to meet the requirements of the ISO 27001information security management standard, and to demonstrate their compliance through certification. To do so delivers a level of assurance that the way in which you manage cyber security meets a globally accepted standard, whilst sending a clear message to your customers that you take your data protection obligations seriously. Similarly, organisations who have operations in the USA will often align themselves with the NIST Cybersecurity Framework.
CRMG will work with you to put the fundamentals compliance with ISO 27001 or the NIST Cybersecurity Framework in place. In reality, delivery of our ‘Risk Framework’ approach in your organisation is highly likely to get you most of the way there. But of course we don’t take any chances. Once we’ve helped you get the basics right, we’ll conduct a ‘readiness’ audit to make sure you’re prepared for certification, and identify any corrective action as necessary.
Once that is done we’ll ask our preferred certification body to step in and perform the final certification audit (final audit available for ISO27001 only at this stage). At each stage (Stages 1 and 2) of the audit our consultants will be alongside the auditor to pick up any observations that may need addressing to achieve certification.
If you would like to discuss our Cybersecurity Framework Readiness & Audit service, please contact us.