e-Contego is a full-scale ISO 27001 service partner, focused on delivering a complete and certifiable Information Security Management System (ISMS) and/or other related services that ensure your company’s security controls are effective and measurable. e-Contego can assist with everything from the initial gap analysis, risk assessments and policy reviews/updates to internal audit and remediation assignments.
Our ISO 27001 Certification solution package could almost be viewed as a turn-key solution. However, we want to view this as a partnered solution since you will be managing the ongoing maintenance of the ISMS after becoming certified.
What e-Contego will bring to the table is a proven track record of successful implementations and a set of mandatory ISMS documents that have been proven effective and sufficient in other certification assignments. These documents can easily be tailored to fit your company. In addition, e-Contego will provide methods and processes for handling risk assessment, corrective action items, information security exceptions, etc.
All of this ensures that your processes are aligned and puts you on the fast track to certification.
With this service, you will be provided with a detailed Gap Assessment report showing the exact status of your current framework and where it stands with regard to meeting the ISO 27001 standard for certification. Along with the detailed report, e-Contego will provide you with a roadmap towards certification. The roadmap is typically provided in Excel format, which can easily be imported into project software such as MS Project. The Readiness Assessment typically takes 5-7 weeks depending on company size.
An information security risk assessment is a requirement within the ISO 27001 certification process, and e-Contego will provide you with a methodology that ensures a repeatable process for the years to come. This will be tailored to your needs and company size.
Our approach to risk assessment always starts with the asset – which at a high level is anything that represents a value to you and your company.
To ensure the most effective way to perform a risk assessment, we will assist you with the creation of an ISMS asset register or, if you already have something in place, we’ll align what you currently have to meet the ISO 27001 requirements.
We can help as much or as little as you want – e-Contego has many years of experience in developing solid processes and procedures for various operational and information security tasks.
If you decide to perform all remediation on your own, as a partner, we do recommend regular checkpoints to ensure you are on track and that the remediation will satisfy the certification audit. ISO 27001 does require that certain mandatory documents/policies exist.
e-Contego can provide a set of policy templates that you can easily modify and use to create your own mandatory ISMS documents.
As a partner, we will provide guidance during the required Internal Audit process.
Note – Many of our clients do not have an accredited ISO27000 auditor or an Internal Audit function. In those cases, e-Contego can leverage some of our business partners, who would be able to perform the Internal Audit as an objective and independent resource.
As a partner, e-Contego will coach you prior to the actual audit on what to expect, and of course be present by your side and assist and guide you during the certification process.