  The third edition of ISO/IEC 27002 was published last February… the new controls are now in ISO/IEC 27001:2022 Annex A which was published on 25 October last
 

Consultancy and training services

IMS-Smart specialises in Integrated Management System (IMS) services. We are particularly expert in ISO/IEC 27001, having helped to write the standard and create the original British Standard (BS 7799-2:2002). We are also experienced in ISO 9001 and ISO 22301.

IMS-Smart’s approach

It is essential that your project team takes ownership of the ISMS. IMS-Smart’s role is to assist you to do that. We start with a series of tutorials in which you will gain a correct understanding of the ISO/IEC 27001 requirements and how your organisation can fulfil them. Quite soon into the tutorials, the team will be set a variety of tasks to marshal your existing documented information and processes to fulfil as many of the requirements of ISO/IEC 27001 as possible. If required information or processes do not exist, you will be shown how to create them. 

As your work on these various tasks proceeds, the tutorial nature of our meetings declines, and the meetings transition into technical review meetings, as illustrated in the figure below. Still later, there will be another transition. Whereas in the first two groups of meetings IMS-Smart is the convenor, tutor and moderator, in this third phase you will be the convenor and IMS-Smart will just be a participant, albeit perhaps in an expert capacity. In this phase you will recognise that your organisation is ready for certification.

 

Remote working

Our work can be performed remotely using virtual meeting platforms.

Productised IP-led service for building IMS

Our approach to assisting organisations to develop their ISMS capability is well established – so much so that we can also offer it as a “Productised Intellectual Property-led Service”. This provides an elegant and fast way to construct integrated management systems and, as explained in our more detailed page, allows you to extend your ISMS capabilities to other parts of your organisation. This is the approach taken by the Civil Service in Mauritius, and uses the overarching-subordinate concept.

Privacy extension

The PIMS standard (ISO/IEC 27701:2019) augments and refines ISO/IEC 27001 and ISO/IEC 27002. It adds about 50 controls to ISO/IEC 27001 Annex A. The extension assists with demonstrating compliance with the GDPR and is straightforward to implement with IMS-Smart On-Line. We can help you do this.

Management system integration

We can help you integrate your management system with other management systems that you might have, or establish an integrated management system capability from scratch. All new and revised management system standards now conform to new ISO Directives concerning high level structure and identical core text, which helps to identify common elements.

Specialist ISMS services

Because of our in-depth knowledge of ISO/IEC 27001 we are able to offer a range of specialist ISMS services including:

  • helping you with information security policy, risk assessment/risk treatment, the Statement of Applicability, implementing controls, internal audit, staff training and much, much more;
  • finding out how you get the very best out of your existing ISMS by identifying how to make it more efficient and more effective.

Training

We are able to offer you a variety of virtual courses concerning all aspects of implementing the new breed of management system standards. Some of these courses are part of our PIPS, whilst others are being specially developed to meet market demand.

Your next step

If you would like more information on these services, or you would like to find out what else we can do for you, please do not hesitate to contact us - we’d be happy to help.