What is an ISMS?
An ISMS is the means by which senior management control and monitor their security, minimize residual business risk, and ensure that security continues to fulfill corporate, customer and legal requirements.
The ISO 27000 series of standards is a catalog of international standards focused on information security and published by the International Organization for Standardization (ISO). The most prominent in the series are ISO 27001, a management standard that specifies how to build, operate, maintain and improve an information security management system (ISMS), and ISO 27002, which contains best practices and controls used as a companion to ISO 27001.
ISO 27001 has long been considered the global de facto information security standard, and for good reason. It provides detailed requirements for establishing, implementing, maintaining and continuously improving an information security management system (ISMS) and offers a means by which certification against the standard can be achieved. Organizations certified to ISO 27001 have demonstrated that their ISMS is currently in line with global best practices.
Earlier versions of the standard heavily promoted the Plan-Do-Check-Act (PDCA) model for continuous improvement. While this has proven to be a successful model for organizations new to the ISO 27001 process, recent updates to the standard now permit other models, such as Six Sigma. Other changes include harmonization with other management system standards, including ISO 9001 (quality), ISO 22301 (business continuity) and ISO 31000 (risk management). These changes are great news for mature organizations that have implemented these management systems, as they minimize the overall number of requirements while streamlining processes across the enterprise.
What are the phases of the PDCA Cycle?
- Identify business objectives
- Obtain management support
- Select implementation scope
- Define method of risk assessment
- Prepare inventory of information assets to protect
- Manage risks
- Enact policies and procedures
- Allocate resources and train staff
- Monitor implementation of ISMS
- Prepare for certification audit
- Conduct regular assessment audits
38North consultants have extensive experience with a range of management system standards including ISO 27001, ISO 27002, ISO 9001, ISO 22301 and ISO 31000. For organizations that have implemented any one of these standards, we can leverage this experience to ensure all your management systems remain cohesive and interoperable with the ISMS prescribed by ISO 27001. This leads to greater process efficiencies, streamlined integration with your existing business practices and faster implementation.
In short, you win.
Our ISO 27001 services include:
ISO 27001 Gap Analysis: This is perfect for organizations that are unfamiliar with the ISO 27001 standard. Our ISO 27001 gap analysis explains the process while analyzing your information security program to see how it holds up against the requirements of ISO 27001 and the best practices and controls in ISO 27002. We also determine the cost to attain ISO 27001 compliance, identify any risks or challenges, and determine the critical action items you need to complete to prepare for certification.
ISO 27001 Certification Support: Are you preparing for your first ISO 27001 certification, but need a little help? 38North’s ISO 27001 specialists can deal with the ISMS assessor for you. We are well versed in all the quirks of the certification process and will expeditiously resolve findings so you can get your certification in the minimum amount of time possible.
ISO 27001 Remediation Support: This service is for companies that have undergone a recent ISO 27001 certification and need assistance with the planning, development and implementation of remedial measures. This can include implementing new technologies, policies, plans and procedures, or training programs.