The new ISO/IEC 27001:2022 Version is Here. Talk to an ISO 27001 Consulting Expert Today.

ISMS LOGIC

Our Services

ISO 27001 Information Security Management System Development

 

Whether the organization has been around for 50 years or five months,  implementation of an ISO management system will impact the business and  those who support it.  ISMS LOGIC makes this statement to ensure the  leadership of the organization understands and accounts for more than  writing a few documents and checking the boxes. Creating an ISO  management system requires the organization to make some key decisions  prior to seeking certification. First and foremost is defining specific  roles and responsibilities, not only to support the implementation, but  ownership of processes – both existing and new. Every standard supported  by  ISMS LOGIC requires leadership commitment to ensure resources (human,  technical, information and financial) as well as active engagement.  Improvement to or creation of a risk management program is the  cornerstone of a successful implementation. Risks are identified within  the business, processes, staff, suppliers, customers and interested  parties. Actions need to be taken to reduce the identified risks. While  these are key elements, there are many more.

Implementation of an ISO management system requires an understanding  of the requirements of the standard and guidance on interpretation as to  how to best implement a requirement to meet your business needs.  ISMS LOGIC consultants possess expertise in the standards we support  and are  experienced business professionals as well.  This winning background  provides an organization a relevant and efficient model of support to  remediate the gaps and allows the  ISMS LOGIC team to execute the following  services:

  • Facilitated sessions on core topics. We spend an agreed amount of  time (both onsite and virtual) with our clients reviewing a specific  requirement, the expected outputs and the necessary decisions (e.g.,  risk workshop).
  • Templates for common work products. Many standards have required  documentation expectations.  ISMS LOGIC has created core templates that allow  you to tailor to your own requirements and details. This saves both  time and money in “re-inventing” required elements.
  • Review of client documentation. Whether it is a completed tailored  template or proprietary documentation, the  ISMS LOGIC consultant will review  and provide edits to help ensure you meet the requirements of the  standard(s).
  • General subject matter expertise. Throughout the implementation  phase, our consultants provide client support with best practices,  subject matter expertise and resources for additional knowledge.

Certification Support

 

Ensuring that an organization creates a management system that is relevant, sustainable and effective requires taking the time to identify the proper scope for certification and then to assess the current state against the chosen standard.

The scope and assessment service is a multi-step engagement that focuses on education and data analysis. ISMS LOGIC works with the client's leadership and process owners to identify the proper scope of ISO certification. The human, technical, information and financial resources that will be supported under the certification must be identified before the assessment is completed. ISMS LOGIC will then assess the current state of those scoped elements against the requirements of the standard. Based on the identified gaps, an implementation plan will be created.

ISO 27001 Internal Audit

 

ISO management systems have a number of stated requirements which  generally are new to an organization’s regular mode of operations. One  of the key requirements is for internal audit of the ISO management  system against the scope of certification. If an organization is already  subjected to audits for other regulatory or compliance requirements,  they understand the benefit and impact of review. ISO audits, however,  are performed based on a sampling method and under the guidance of ISO  19011 for auditing. Some standards provide additional guidance documents  for audit. The internal audit program created for the ISO management  system must have, at a minimum, the elements required under clause 9.2  of the standard. Organizations can train and utilize internal resources  or hire outside internal auditors. For the latter, consider   ISMS LOGIC as your preferred provider.

 ISMS LOGIC provides internal audit services to support multiple  compliance frameworks. Our team of auditors is well-qualified through  education, professional credentials, and additional work experience.    ISMS LOGIC is recognized by multiple registrars as an associate consulting  partner.

ISO 27001 External Audit Support

 

The final step to initial certification, or to the continuation of certification, is the set of audits performed by an accredited Registrar. These are called External Audits. The external auditor evaluates the activities of the organization against the standard and the business requirements as defined for the scope of certification. Whether your organization is a manufacturer or service provider, the relationship between the external auditor and the auditees is essential to providing proper evaluation. To assist with support of audits, the ISMS LOGIC consultant will be onsite for internal support during the external audits. The external auditor generally accepts the presence of the consultant, but makes it very clear that the audit is with the organization and not with the consultant.

Standards & Frameworks Education

 As lifelong learners, ISMS LOGIC creates and supports industry-specific  training to increase not only our own knowledge but to support our  clients’ requests for ongoing education. We provide our educational  programs both as public offerings and as onsite training to your  organization. We can tailor our sessions to your specific requirements.  Our core educational offerings include:

  • Standards & Frameworks Training.
  • Internal Auditing Training.

Managed Services

We provide a managed service model that offers multiple ways to support an organization's ongoing compliance and regulatory requirements. The effort to become compliant took extensive time and money. That effort requires continual improvement and ongoing management and review.

Retained Services of a Virtual CISO

ISMS LOGIC's vCISO is designed to help businesses take control of security strategy and develop a security program that aligns with business motives, guards sensitive information, strengthens brand reputation and protects customer data.
 

This enables the Information Security Department  to focus on critical IT projects, while still ensuring that security is  being driven forward.   ISMS LOGIC virtual Chief Information Security  Officer (vCISO) service allows you to leverage the executive leadership  skills of an ISMS LOGIC security and compliance expert who has previous practical CISO experience. 

ISMS LOGIC experts serve as confidential thought  partners allowing your executives the opportunity to brainstorm, cross  check ideas, and get advice from industry leaders.
vCISO is a tailored information security program that delivers expert security leadership with a supporting team of analysts and consultants to solve unique security challenges.


Retained Services of an ISO Manager

All ISO management systems require leadership to assign roles and  responsibilities to ensure the ongoing sustainability and continual  improvement for the scope of certification. In many cases, these  requirements are added to an existing corporate role. At some point, the  effort may be too much, the person changes positions or leaves the  organization, or the organization adds more ISO management systems.  Clients have given this role a variety of titles (QMS Manager,  Information Security Officer, Service Manager, etc.).  Whatever the  title, the activities are essential for timely, ongoing maintenance;  communication; and review of the ISO management system. When an internal  resource cannot be dedicated, we offer a retainer service to perform  the ongoing quality/compliance management tasks required by your ISO  management system and your organization.   ISMS LOGIC will assign to you a  dedicated, experienced team member who will act as an outsourced  extension of your management system. This individual will work both  virtually and onsite to perform daily, weekly and monthly tasks to help  ensure ongoing compliance of your management system(s).

Retained Services of Compliance Manager

Beyond ISO, the requirement for an organization to maintain the  compliance requirements to Information Security, Documentation,  Training, Audit and Communication can take a variety of skill sets that  may or may not be present within the current staffing.   The  ISMS LOGIC  team  can come together to provide these skills on a retained basis.  Whether  one or more resources, we will work both virtually and onsite to  perform daily, weekly and monthly tasks to help ensure ongoing  compliance.

Managed Services

 

While  maintaining compliance is a necessity, organizations today are looking  to maximize their use of resources and reduce costs. Partnering with  ISMS LOGIC to support ongoing compliance provides you with  proficient and seasoned resources to assist with required compliance  activities.

Now more than ever, customers are mandating that, in order to do business with them, an organization must meet and maintain a specific level of compliance with known standards, regulations, legislation, etc. Without ongoing oversight, it is increasingly difficult for both the customer and the supplier to ensure that compliance continues to be met.

  ISMS LOGIC continually follows new mandates and initiatives within the areas of:

  • NIST 800-53
  • Risk Management
  • Privacy
  • Cybersecurity Strategy
  • HIPAA-HITRUST
  • PCI-DSS
  • SOC 1&2
  • CSA STAR

We have vast experience with clients in Energy, Advertising,  Marketing, Federal Contracting, Technology and Health IT to name a few.

We are able to lend our expertise to both industry and the supply chain to assist in becoming compliant or helping to ensure the supply chain remains compliant.

With our deep knowledge of Information Security, Cybersecurity, IT Service Management, Quality Management, Business Continuity, Private Security, CMMI, Physical Security and evolving CMMC requirements, the   ISMS LOGIC  team can provide the following services:

Consulting.  Do you receive multiple security questionnaires that require several  hours to complete? Did you receive a letter from a client or another  entity stating you must comply with a new or updated mandate? Are you  unable to find the depth of answers to questions posed on the internet?  The team of experts at  ISMS LOGIC is always eager to share its  extensive knowledge, whether you simply need a briefing of details or  in-depth access to one of our subject matter experts. Contact us to  identify the best solution to meet your needs.

Internal Audit.   ISMS LOGIC can be your 2nd party compliance audit team to create a program and audit your  organization, suppliers, integrators and partners as needed.  Take  advantage of  ISMS LOGIC’s extensive experience and qualification in  compliance internal audits.  We are lifelong learners and participate in  multiple industry associations to ensure we are focused on potential  and related issues. We remain committed to areas in which we excel. We  have adapted our methodology to support audit requirements of specific  compliance other than ISO.

Business Continuity Table Top Exercises. Whether you have an ISO requirement to maintain and test a Business  Continuity Plan (BCP) or just have a corporate requirement to do so,   ISMS LOGIC Compliance has extensive Business Continuity Management expertise  and supports multiple industries with Table Top Exercises.  Our service  will identify current trends, local risks and input from the  organization to test the BCP and emergency response  against a timed  scenario. The output would be a summary of the event with outcomes and  concerns.  An organization can use this information to improve and  continue to educate.

Copyright © 2021 ISMS LOGIC - All Rights Reserved.
