Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Text mode: access to the page content
Hervé Schauer Consultants
You are here: Home > Services > Guidance service for ISO 27001 implementation
Go to: HSC Trainings
Télécharger le catalogue des formations
Version française
o Skills & Expertise
o Consulting
o ISO 27001 services
o Audit & Assessment
o Penetration tests
o Vunerability assessment (TSAR)
o Forensics
o Training courses
o E-learning
o Agenda
o Past events
o Tutorials
o Thematic index
o Tips
o Lectures
o Courses
o Articles
o Tools (download)
o Vulnerability watch
o Hervé Schauer
o Team
o Job opportunities
o Credentials
o History
o Partnerships
o Associations
   Press and
o HSC Newsletter
o Bulletin juridique HSC
o Press review
o How to reach us
o Specific inquiries
o Directions to our office
o Hotels near our office
|>|Guidance service for ISO 27001 implementation  
blah Services
See also...
o ISO 27001 status overview
o ISO 27001 certification audit training
o General presentation of our ISO 27001 services
o HSC ethical and deontological guidelines

Objective of the service

To assist you in the implementation of an ISO 27001 compliant ISMS.

In which cases to select this service

You wish to show to your interested parties (customers, regulatory institutions, strategic partners, etc.), in an objective and verifiable way, that you run security good practices.

Results of the service

At the end of the service, the customer has implemented an ISMS and masters its operation.

Detailled description

This service comprises three main stages, below detailled:

  • Stage 1: Strategic stage
  • Stage 2: Foundations setting up
  • Stage 3: Implementation of the ISMS procedures

Stage 1: Strategic stage

During this stage, the HSC consultants closely work with the customer in order to: * - Identify some strategic priorities in the context of the security * - Define the most relevant ISMS scope, and write it in accordance to the ISO 27001 requirements * - To design a security policy in accordance to ISO 27001, taking into consideration the previously identified strategic priorities * - To devise a security organisation taking into consideration the customer background

Stage 2: Foundations setting up

The HSC consultants assist the customer in implementing the ISMS foundations. For this, they advise the customer regarding the following tasks:

  • Assets inventory
  • Assets evaluation
  • Vulnerabilities identification
  • Threats identification
  • Selection of the risk treatments
  • Production of the Statement of Applicability (SoA)

Stage 3: Implementation of the ISMS procedures

The customer implements the ISMS procedures following the previously formulated HSC recommandations. The main intended tasks are:

  • Implementation of the documentation management procedure
  • Implementation of the operations follow-up procedure
  • Implementation of an internal audit structure
  • Implementation of the security controls
  • Adjustments to the compliance of the existing processes
It is fundamental that these tasks are realised by the customer for he masters the ISMS. Indeed, the certification auditors will evaluate that control of the ISMS. The HSC consultants supply a sustained assistance to the customer. That's why this stage takes the form of a bundle of "open" days, during which the consultants are to be solicited. They are to come, at the customer convenience:
  • To validate the steps of the work on the compliance adjustements
  • Or to assist the customer on a fussy step
This approach brings several key benefits:
  • The customer effectively masters the ISMS, which is fundamental for being certified
  • The operations rhythm is adapted to the customer wishes
  • The consultants come if needed, when the customer feels ready or is blocked by a difficulty
  • The consultants check that the resulting ISMS comply with ISO 27001 and that there is no drift from the standard
Last modified on 5 February 2009 at 15:56:39 CET - webmaster@hsc.fr
Mentions légales - Information on this server - © 1989-2013 Hervé Schauer Consultants