ISO 27001 Assessments and Implementation

Plan, build and certify your ISMS

Ntrust delivers ISO 27001 consulting services that enable organisations to plan, build, and certify a robust and effective Information Security Management System (ISMS). Our team of experts brings extensive experience and deep information security domain knowledge to ensure that you achieve ISO 27001 alignment or certification on time and on budget.

Our consultants will work collaboratively with you throughout the entire implementation process, from ISMS scoping through on-site certification audit support. Beyond that, we provide a range of ongoing support services to our successfully certified clients, such as participating in information security risk assessments and conducting internal ISMS audits.

ISO 27001 belongs to the ISO 27000 family of standards and is an Information Security Management System (ISMS) standard developed by the International Organization for Standardization (ISO). The standard includes a set of controls that need to be implemented in order to align with the ISMS framework. The standard is unique in that an organisation can be formally audited against it; achieving this is known as gaining ISO 27001 certification.

Once ISO 27001 Certification is obtained, it provides assurance and confidence to the internal management and other interested parties on an organisation’s Information Security program.

ISO 27001 gap analysis

An ISO 27001 gap analysis is often the recommended place to start an ISO 27001 compliance project. Our expert-led gap analysis includes interviews with key staff and a review of your existing information security plans and documentation.

The output is a detailed report that provides crucial information on:

  • Your compliance gaps against ISO 27001
  • The proposed scope of your ISMS
  • Your internal resource requirements
  • A prioritised roadmap to achieve certification readiness

ISO 27001 Coverage

Based on the principles of confidentiality, integrity and availability, ISO 27001 covers:

  • Information security policies
  • Organisation of information security
  • Human resources security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Business continuity management
  • Compliance

ISO 27001 Services

These assessment types can be customised or combined to suit particular requirements.

ISMS Scope Determination and Optimisation

Scope determination is critical to a successful ISO 27001 certification effort. The scope needs to be broad enough to satisfy key stakeholders (e.g., clients, shareholders) but narrow enough to keep the initial effort manageable.

Risk Assessment

A risk assessment is fundamental to an ISMS. We believe that ISO 27005 has an advantage over many other risk assessment standards in that it takes an information asset-based approach (covering the information itself and the processes that act on it). This yields a much more intuitive process that drives far greater value in less time.

Risk Treatment Plan Development

The risk treatment plan defines the ISO 27002 controls required, including their necessary extent and rigour, to treat (mitigate) risk to a level that management deems acceptable. It is a fundamental ISMS artefact and forms the basis for the gap assessment.

Policy, Standards, & Procedure (PSP) Support

PSPs form the backbone of any ISMS. Although they are its most basic elements, they are also among the most complex to implement effectively, largely because PSPs are comprehensive and interdependent.

Prioritised Roadmap

Roadmaps define the activities, approach and responsibilities necessary to address identified gaps within the time frame required to achieve project objectives, including certification.

ISO 27001 Gap Assessment

Understanding the gap between the current and desired state of the ISMS and control practices is a key input into a “Prioritised Roadmap” (Gap Remediation Plan).

Ongoing Risk Management Process

Maintaining an effective risk management process ensures the ongoing effectiveness of the ISMS. Many organisations engage an independent and objective third party with cross-organisational and industry expertise to optimise the operation of the risk management process.

Incident Response Support

Implementing procedures and other controls that enable the timely detection of, and response to, incidents is essential to an ISMS and to the principle of continual improvement. Many organisations do not have the expertise and/or resources to fully address this requirement internally.

Certification Audit Support

Having an Ntrust security consultant on-site during the certification audit phases simplifies the process and reduces the risk that non-conformities will be cited.

All our consultants are PECB certified.

Get in touch to plan, build and certify your ISMS