ANNOUNCEMENT - Cognisys Group is now ISO27001 accredited
I have great pleasure in announcing that Cognisys Group Limited have attained the ISO27001 certification.
This has been no mean feat and it’s all thanks to our Managed Services Lead consultant, Adam Royds. Adam also heads up our GRC consultancy and is extremely well versed in the requirements stipulated within Annex A of ISO27001.
All organisations, regardless of size, need to follow a standard process to become compliant:
Understand what elements of the business require compliance to ISO27001, if not the whole company. Large enterprise organisations may only require specific departments to become certified e.g. Finance.
Collate all policy and procedural documentation
Conduct a Gap Analysis between existing documents and the controls required under Annex A of the standard
Generate new policies and procedures as required in order to reach compliance
Engage with a 3rd party to audit the policies and procedures
As a small company you may think that it would be easier for us to comply than a larger firm, you would be wrong. As a cyber security consultancy, we needed to ensure that our policies and procedures were more robust. Password Management, Disaster Recovery, Backup and Remote Access along with Data Encryption and Laptop Cleardown policies need to be more thorough than standard policies.
That said Adam threw every possible resource at completing the task to ensure we attained the certification by the December deadline.
If you’re considering ISO27001 for your organisation please email firstname.lastname@example.org with your contact details and one of our experienced team will call you back to discuss your requirements.
Further details of our services can also be found on our website: www.cognisys.co.uk.