ISMS consultancy

You have a certified ISMS (or will have), but you would like some assistance.


Your response - ask Gamma for consultancy support

Gamma can help you with policy, risk assessment/risk treatment, the Statement of Applicability, implementing controls, internal audit, staff training and much, much more.

Here are some examples to whet your appetite:

  • Context: We can assist you to determine the context of your organisation, and determine the issues, risks and opportunities relevant to information security and the operation of your ISMS.
  • ISMS scope: We can assist to determine the scope of your ISMS (that is all things that are relevant to to ISMS, including external risk sources) as well as your scope of certification.
  • Security Policy: We can assist you to develop your information security policy.
  • Risk Assessment: We can assist you to perform a risk assessment, determining your risk criteria and identifying the likelihood of information security relevant events and their possible consequences.
  • Risk Treatment: We can assist you to design your risk treatment plan, selecting the most appropriate risk treatment options and the controls you use/need to modify risk in such a way as to meet your risk criteria.
  • Statement of Applicability: We can assist you to draw up your Statement of Applicability.
  • Implementation of controls: We can help you with the implementation of controls, especially those identified in ISO/IEC 27002 as well as those that are identified in sector/service-specific standards such as ISO/IEC 27010.
  • Documentation: We can help you with all aspects of required documented information
  • Effectiveness measurement: We can assist you to identify what effectiveness measurements you ought to make (usually these are groups of controls associated with areas of significant risks and certain ISMS processes), the best way to make those measurements and to make them for you.
  • Training and awareness: We can assist you in increasing staff awareness of information security and in the operation/importance of your ISMS.
  • Internal audit: We can help you to develop an internal audit programme and carry out your internal audits.
  • Management review: We can help you run your management reviews.
  • Dry Run Audit: We can perform a dry run audit of your ISMS. We can do this in exactly the same way as a certification audit, save that our report will be more detailed.
  • Organising Certification: We can help you to produce a certification plan, complete the Certification Body questionnaires and commission the Certification Body best suited to your needs.  We can assist you throughout the certification process.
  • Post Certification: We can help you to maintain your ISMS, help you to prepare for and support during and after the surveillance visits.
  • Marketing: We can help you to get the most out your ISO/IEC 27001 certification from a marketing perspective.

Your next move

... simply email us, or telephone +44(0)1276 702 505. Why not do it now!