Building ISMS

You are interested in ISO/IEC 27001 certification but you would like some professional assistance to guide you through the process.


Your response - ask Gamma to help you build your ISMS

Gamma will help you to build your ISMS and achieve certification.

We will start by asking you a few questions such as “What are your business objectives? What do you see as the scope of your ISMS and what do you see as your scope of certification? When do you require certification? Do you want us to build the ISMS for you, or teach you how to do it?” (We can, of course, build the ISMS and run it for you as a managed service).

From this we will construct and agree with you a project plan. Our customary approach is to introduce as much parallelism as possible. Management system standards don’t tell you the order in which requirements have to be implemented, and so you can implement them in any order (just so long as they are all met when the ISMS is certified). The order that makes sense to us is one that minimises the duration of the project. That means certification can be achieved quickly and with less expense.

Another aspect of our build strategy is to perform the minimum amount of work necessary to achieve certification, putting all ideas ideas for improvement into a continual improvement plan. An alternative approach is to opt for a more sophisticated approach to start with, although this will take longer and cost more initially it can help particularly when a “new broom” is required to sweep away bad practices.


Since an ISMS is primarily a way of managing information security, much of our work will be to help you to undertake such management in the manner required by ISO/IEC 27001. We will do this through training sessions and management briefings However, we will endeavor to do this in a manner that best suits your existing management style and organisational culture (ISO management system standards strive to specify what to do not how to do it). We will also re-use as much of your existing processes as possible (unless you wish to change them or implement any recommendations that we might have) recasting them as necessary to meet the ISO/IEC 27001 requirements.

As the various processes (e.g. risk assessment, risk treatment, performance evaluation, internal audit etc.) are established, we will start to use them, thereby kick starting the ISMS into life and generating the necessary documented information.

Should there be a required ISMS process that is totally new to you, don’t worry, we can create it for you using our tried and tested methods (such as IMS-Smart), or create a designer solution for you.

Timescales are typically 4 to 6 months, although the fastest was seven weeks and with another organisation it took about a year.

Your next move

... simply email us, or telephone +44(0)1276 702 505. Why not do it now!