CYBERSYCURE LTD

ISO/IEC 27001 & ISO/IEC 27701 Gap Assessment & Implementation service

This service involves conducting a comprehensive assessment of an organisation's information security management system (ISMS) against the requirements of ISO/IEC 27001:2022 standard and its privacy extension ISO/IEC 27701:2019. The service includes identifying gaps, implementing necessary measures, and developing processes to bridge identified gaps, achieving certification for both standards.

Features

• Thorough assessment identifies information security and privacy management gaps.
• Tailored strategies address gaps and align with certification requirements.
• Expert guidance ensures policies and procedures comply with standards.
• Comprehensive training enhances staff understanding and compliance.
• Documentation preparation streamlines certification process and regulatory compliance.

Benefits

• Ensure solutions are architected and aligned to industry best practice
• Reduce business risk and costs
• Tailored cybersecurity approach enhances resilience against evolving threats.
• Dual certification enhances information security and privacy management.
• Ensures compliance with ISO/IEC standards and regulatory requirements.
• Mitigates risks, reduces incidents, and enhances organisational resilience.
• Streamlines operations, improves efficiency, and boosts stakeholder trust.
• Facilitates continuous improvement and readiness for evolving cybersecurity landscapes.
• UK Cleared Staff (SC).

£650.00 to £1,700.00 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tahir@cybersycure.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

764612481725037

Contact

Tahir Hussain
07958122224
tahir@cybersycure.co.uk

Planning

• Planning service: Yes
• How the planning service works: Initial Consultation: We begin by understanding your organisation's goals, current information security and privacy practices, and desired outcomes for achieving ISO/IEC 27001 and ISO/IEC 27701 certification.; Requirements Gathering: Our team conducts a thorough assessment of your existing information security and privacy management systems to identify gaps and areas of non-compliance with ISO/IEC 27001:2022 and ISO/IEC 27701:2019 standards.; Scope Definition: We work with key stakeholders to define the scope of the gap assessment, including the scope of information assets, organisational boundaries, and applicable legal and regulatory requirements.
• Planning service works with specific services: No

Training

• Training service provided: Yes
• How the training service works: Yes; ; ISO/IEC 27001 Awareness Training:; Overview of ISO/IEC 27001 standard and its requirements.; Explanation of key concepts such (risk management, controls, and compliance).; Benefits of implementing an Information Security Management System (ISMS).; ; Privacy Management Training:; Introduction to privacy laws and regulations.; Explanation of privacy principles and their application.; Developing and implementing a PIMS aligned with ISO/IEC 27701.; ; Policy and Procedure Training:; Development of information security and privacy policies and procedures.; Implementation and enforcement of policies within the organization.; Documenting policies and procedures to ensure compliance with ISO/IEC standards.; ; Security Awareness Training:; Training for employees on recognising and responding to cybersecurity threats.; Guidance on safe handling of sensitive information and adherence to security policies.; Best practices for maintaining security posture and preventing security incidents.; ; Auditor Training:; Training for internal auditors on conducting audits of the ISMS and PIMS.; Guidance on audit planning, execution, and reporting.; Preparation for external certification audits and compliance assessments.; ; Continuous Improvement Training:; Training on establishing processes for ongoing monitoring, evaluation, and improvement of the ISMS and PIMS.; Guidance on utilising feedback mechanisms and metrics to drive continuous improvement efforts.; Strategies for maintaining compliance with evolving cybersecurity and privacy requirements.
• Training is tied to specific services: No

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: Gap Remediation Strategy: Develop a comprehensive plan to address identified gaps in information security and privacy management.; Policy and Procedure Development: Assist in creating policies, procedures, and controls aligned with ISO/IEC 27001 and ISO/IEC 27701 standards.; Staff Training: Provide training programs to ensure staff understand and comply with information security and privacy requirements.; Documentation Preparation: Assist in preparing necessary documents such as the Statement of Applicability (SoA) and Privacy Risk Management Plan.; Audit Preparation: Offer guidance and support to prepare for certification audits, including readiness assessments and mock audits.; Remediation Assistance: Help address any non-conformities identified during audits to ensure compliance with certification requirements.; Continuous Improvement: Establish processes for ongoing monitoring, evaluation, and improvement of the ISMS and PIMS to maintain compliance.
• Setup or migration service is for specific cloud services: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security risk management
  • Security audit services

Ongoing support

• Ongoing support service: No

Service scope

• Service constraints: None

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Depends on service and would be willing to discuss with the client to identify and formulate SLAs that align to their expectations.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Depends on service and would be willing to discuss with the client to identify and formulate SLAs that align to their expectations.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • CISSP
  • CISM
  • TOGAF
  • OSCP
  • ISO27001 Lead Auditor
  • CISA
  • GDPR Practitioner

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We are committed to ensuring that everyone has an equal opportunity to succeed, irrespective of factors such as race, gender, age, or socioeconomic status. Through fair and inclusive hiring practices, mentorship programs, and career development initiatives, we strive to create a level playing field where talent and merit are the only criteria for advancement.

  Wellbeing

  We prioritise the holistic wellbeing of our employees, recognising that true success stems from a balance of physical, mental, and emotional health. Through initiatives such as flexible work arrangements and access to mental health resources, we support our team members in achieving optimal wellbeing and work-life harmony.

Pricing

• Price: £650.00 to £1,700.00 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tahir@cybersycure.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.