I know we require information security; however, I’m not sure what we need. I have so many questions…

…or I feel like I should if only I knew what to ask.

Just started implementing an Information Security Management System (ISMS). Things are going well but there is so much still to do. Documentation, training, risk assessment, internal audit, Management review, etc. We could really use some guidance to ensure we are ready for certification.

We bought the 27001 Standard and the 27002 Implementation Guidance. This were going well at first but have since stalled. The stage 1 audit is coming quick and for the past week I’ve been able to here my heart beat in my head (thump-thump thump-thump). We need help to get through this.

We have our 27001 certification; however, we’re stretched thin and need help to simplify the annual activities and overall maintenance process or possible outsource some of the activities.

We have an established Information Security Management System (ISMS), but we want to take it to the next level. External expertise is required to help improve ISMS processes, streamline activities, as well as facilitate and destress the audits.

We have or are in the process of getting our ISO/IEC 27001 certification. We need to do our internal audit and would like to have a highly qualified auditor to ensure we are prepared for this years certification or surveillance audit.

Risk Assessments come in all forms. To make things harder, the ISO 27001 Risk Assessment has additional compliance requirements. Developing a risk methodology, a comprehensive Risk Assessment, and a Risk Treatment Plan (RTP) can be a daunting task at the best of times. In turn a stalled Risk Assessment can easily derail other dependant Information Security Management System (ISMS) activities compromising your certification aspirations.

No… none of these describe my situation. It may be better to describe it myself.

I’m intrigued, at Berbridge we love a challenge. Click the button below and we’ll setup a time to meet.