

Make Information Security A Priority

Our consultants can help you build policies, procedures and processes to get ISO 27001:2013 certified

Building a framework that aligns with ISO 27001 is a significant step towards improving the security maturity of your organisation. However, aligning your organisation with an industry standard such as ISO 27001 can be difficult without the right support. Gridware offers mature Governance, Risk and Compliance (GRC) services that use proven methodologies to accelerate what is otherwise a lengthy and tedious project.


How we undertake an audit and align your business to ISO 27001

Gridware consultants adopt a risk-based approach to aligning your organisation with an industry standard and implementing an ISMS. We look at your operations and provide a benchmark for establishing, implementing, monitoring, maintaining and reviewing your policies, procedures, processes and controls. Many of our ISO 27001 consultants are also certified ISO 27001:2013 Lead Auditors.

ISO/IEC 27001:2013 Annex A groups 114 controls into 14 control domains (A.5 to A.18). Your organisation will be audited against these domains, and where our assessment identifies deficiencies, our consultants will work with you to implement controls that close the gaps. The key areas of assessment include:

  • Security policies and management direction
  • Organisation structure and responsibilities for information security
  • Asset management including devices, inventory and classification
  • Human resource management including onboarding, offboarding and changing roles
  • Physical and environmental security including protection of devices, cable management, fire safety etc.
  • Communications and operations management including technical security controls in systems and networks, backup procedures and password management
  • Access control and restriction of access rights to networks, systems, applications, data and functions
  • Information systems acquisition, development and maintenance
  • Information security incident management including privacy considerations, response procedures and business continuity management
  • Compliance with legal, regulatory and contractual obligations

Want to get started?

Get going with our ISO27001 Certification Services!


Why Your Company Needs ISO27001 Certification

Finally meet industry best practice

Bring your business operations and development cycles up to speed and into alignment with best-practice standards accepted around the world

Continual improvement

Develop guidelines that shape good practice in your organisation, improve over time and form the foundation of good governance

Meet tender requirements

Demonstrate commitment to information security, privacy and best practices to third parties during tender or evaluation processes

The Stages of an ISO 27001 Implementation Project

  • Risk Assessment

    Before implementation, our ISO27001 consultants undertake a risk assessment and develop a risk treatment plan that is risk rated against priorities your organisation needs to address.

  • ISMS Scope and Current State Assessment

    Part of our ISO27001 services is to also design the scope of your ISMS so we can have appropriate direction when developing your statement of applicability against ISO27001 Annexure A controls.

  • Policy, Procedures and Checklists

    Our ISO27001 consultants develop and document all your security policies, rules, controls and procedures needed to mitigate your risk areas and align with ISO27001:2013.

  • Internal Audit

    Gridware's ISO27001 implementation services also include an internal audit and security assessment that is undertaken prior to your certification audit.

  • Information Security Training

    Finally, once the policies are developed, we undertake ISO27001 training session services that includes cyber awareness training for ISMS as per the requirements of ISO27001.

ISO 27001 Implementation and Compliance FAQs

What is an ISMS?

An information security management system (ISMS) is the set of policies, procedures, processes and controls an organisation puts in place to manage information security in line with the requirements of ISO 27001, applied to the scope that is relevant to your organisation. It is not just an IT policy: it also covers key business processes, controls, audit procedures and principles such as senior management commitment to continual improvement. The full set of obligations needed for your ISMS will depend on the nature, size and risk appetite of your organisation.

Is an ISMS about IT security?

Not only. An ISMS is based on ISO 27001, which addresses information security as a whole. While some Annex A controls deal with information technology security techniques, the scope of ISO 27001 covers information in every form, including knowledge, documents, concepts, ideas and brands. Generally speaking, an organisation's most valuable asset is the information that belongs to the business, so any medium in which that information is used, captured, stored or managed falls within the scope of an ISMS.

Where can I download the ISO27001 ISMS?

ISO/IEC 27001, ISO/IEC 27002 and all other published international standards are copyrighted and must be purchased directly from the ISO store or another reputable publisher, such as your national standards body. They are not available for free download.

How do you implement an ISMS?

Implementing an ISMS is a project that takes all the requirements of ISO 27001 into consideration and meets them within your organisation. Clauses 4 to 10 of ISO 27001, covering the organisation's context and scope, leadership and commitment, planning to address risks, support and awareness, operational planning, risk assessment and treatment, performance evaluation and continual improvement, are all mandatory components of an ISMS. Meeting these clauses produces the mandatory documentation, and the information security risk assessment and risk treatment required by clauses 6.1 and 8.2 to 8.3 drive the selection of controls. Annex A of the standard provides the reference set of controls: the Statement of Applicability must record which of them apply and justify any that are excluded.

Do I need a consultant to implement an ISMS?

It is possible to implement an ISMS without an external service provider. However, having a consultant such as Gridware assist with the implementation makes the process faster and more streamlined, and ensures the ISMS is built with the expectations of certifying bodies in mind should you require certification or future audits. Gridware uses a risk-based approach and undertakes approximately 10 ISMS implementation projects per calendar year. For example, for an organisation of 200 people, what would ordinarily take two full-time employees approximately 6 months can be completed in 12 weeks by a Gridware consultant. We draw on the experience of completing these projects successfully to save you time, money and resources.

How often do I need to audit an ISMS?

Clause 9.2 of ISO 27001 requires internal audits at planned intervals; in practice most organisations audit the whole ISMS at least every 12 months, with spot checks in between. If your ISMS is certified, the certifying body will also conduct surveillance audits, usually every year, and a full recertification audit at the end of the three-year certificate cycle. This cadence reflects the fast-paced and changing nature of enterprise technology and the evolving risks that apply to handling customer, employee and other sensitive information.

Do I need to get certified to have an ISMS?

Not necessarily. To become ISO 27001 certified, you need an accredited certifying body such as SAI Global, BSI or PECB to audit your ISMS and certify that it meets the requirements of ISO 27001. You can still implement and operate an ISMS, and maintain its documentation, without seeking certification.

Why Choose Gridware for ISO 27001 Implementation

Gridware specialises in a range of risk management services that give you in-depth knowledge of what your organisation needs to do to comply with ISO 27001. We have worked with a variety of industries, including major organisations in Melbourne, Sydney and other capital cities.

In an increasingly digital Australia, organisations are looking for ways to improve their cyber resilience. That's where Gridware comes in. Our talented team of governance, risk and compliance professionals works with you to address a variety of threat vectors and mitigate your security vulnerabilities. Team up with Gridware and transform your cyber risk strategy.

With headquarters in Sydney Australia, we combine local talent and market-leading technologies to help organisations out-innovate attackers.

Contact Us

Let us give you a call back to provide more detail on our offerings or arrange a presentation
