ISO 27000 Consultancy

ISO 27001 is the global best practice standard for information security. Gaining compliance with or Certification to ISO 27001 proves that your organization takes the confidentiality, integrity and availability of its information seriously.

The ability to respond quickly to information security breaches or incidents is one of the key goals of ISO 27001. Ensuring the capability to minimize the opportunity for incidents to occur will also give your organization a major advantage in service resilience and will help build confidence in your ability to handle information in a secure manner.

Magellanix offers a modular programme of consultancy. Magellanix’s methodology will enable the development of a robust Information Security Management System (ISMS).

What is ISO 27000?

ISO 27001:2013 is the de-facto international standard on establishing, operating and maintaining an Information Security Framework (ISMS – Information Security Management System).

The standard is structured into two sections:

  • Mandatory sections of the standard, which detail specific processes and policies that must be adhered to in order to gain formal certification
  • Annex A of ISO 27001:2013, which covers 14 security guiding principles.

Self vs. Formal Certification

An organization can claim self-compliance to the standard. This means it operates an ISMS (Information Security Management System), but it is not intending to gain formal Certification. An organization may still be subject to an audit by customers or clients who have imposed a requirement to be compliant, through a contractual clause or during the tender process.

Operating an ISMS and claiming self-compliance provides a common basis for developing organizational security standards, an effective security management practice and confidence in inter-organizational dealings.

Formal Certification is awarded by independent third-party Certification bodies. Once certified, an organization is subject to continual six-monthly surveillance audits and re-Certification audits every 3 years. This ensures the organization is continually monitoring and improving its ISMS in order to maintain its Certification status.

Benefits:

By having a formal, documented ISMS which has been independently assessed, an organization can demonstrate to its customers and clients that it is committed to security and has the ability to handle information in a secure manner. Equally, customers and clients gain confidence in the organization, thereby increasing trust in its brand and/or image.

The reputation of ISO and Certification against the internationally recognized ISO 27001:2013 security standard enhance an organization’s credibility and may lead to an increase in its market share.

Successful Certifications:

Magellanix’s modular programme consists of the following phases:

Phase 1: Initial Scoping Meeting

Phase 2: Gap Analysis/Risk Assessment/Development of a Security Improvement Plan

Phase 3: Implement Security Improvements (Plan)

Phase 4: Information Security Education and Training

Phase 5: Implementation Review and Compliance Checks

Phase 6: Final Mock Certification

Magellanix has a 100% success rate in assisting organizations through ISO 27001. Having successfully gained Certification to ISO 27001 ourselves, we are particularly well placed to guide others toward this internationally recognized Standard.

Magellanix’s business consultants are all ISO 27001:2013 Information Security Management experts. They complement each other’s strengths and have a varied range of skill sets including:

  • ISO 27001:2013 Lead Auditors
  • ISACA CISA & CISM Qualified Professionals

In addition to this, our consultants are members of a number of professional bodies, including ISC2.org, and are CISSP certified professionals.