
Information Assurance

ISO 27001 Consultancy



As part of the ISO 27001 consultancy service, our CNS Hut3 experts will fully explain the workings of the standard to your team and then assess the correct context for the standard in your organisation.

Case Study: Bird & Bird ISO27001


There is more information about our ISO 27001 services below. However, if you'd like to have a chat with one of our experts, please feel free to call us on or get in touch online.

ISO 27001 Strategy

There are many reasons why organisations might consider ISO 27001. Organisations are under increasing pressure to demonstrate effective Information Assurance, from regulators, employees, customers, legislative & enforcement bodies, business partners and prospective customers (in the form of tender requirements). Increasingly, the business that cannot easily demonstrate effective IA is the business that will be excluded from tenders, attract the interest of the regulator and, in general, find itself under increased and increasing scrutiny.

In the search for effective and demonstrable IA, ISO/IEC 27001:2005 and the supporting family of standards have become the common point of reference across industries and across international boundaries. The CNS Hut3 ISO 27001 strategy offering will explain the workings of the standard, assess the correct context for the standard in your organisation, brief senior stakeholders and outline the effort and a high-level roadmap for the implementation of an effective Information Security Management System (ISMS) in your organisation. The strategy phase will also assess whether formal accreditation is the goal or whether simply implementing the ISMS is the desired outcome.

ISO 27001 Scope

Following on from the strategy phase, it is important that a clear scope is defined for your ISMS in order to ensure a successful and effective implementation project, whether accreditation is sought or not. CNS’s consultants will aid you in defining a scope that is sensible, internally consistent and achievable.

ISO 27001 Blueprint/Gap

The aim of the gap analysis stage is to review the current state of the in-scope areas of the business against the controls and requirements of ISO 27001, highlighting the areas that currently meet the requirements and the areas that are currently falling short. This is a key phase as it will allow both CNS and you to identify where resources will need to be assigned during the project. The output from this stage is a report that details the findings of the gap analysis and prepares the initial Statement of Applicability (SoA).

These findings will be broken down against each of the requirements stated within ISO 27001 and a remediation activity will be suggested for each area.

ISO 27001 Remediation

For an organisation implementing their first ISO 27001 ISMS there are likely to be a number of actions required to achieve the desired outcome, particularly in the governance arena. CNS are happy to play any role in the remediation phase, from ad-hoc consultancy, to planning and ownership of all remediation actions and any point in between. At all times, CNS is focused on ensuring the implementation of an ISMS that can be maintained over time and provide effective IA for the client.

ISO 27001 Pre-Assessment Review

To reduce the risk of failure and the time and cost of re-audit, your company may benefit from using our 'Pre-Audit Assessment Service'. This entails a visit prior to Certification Audit which will highlight any areas for improvement and give you a report explaining what you need to do to attain and even exceed the degree of compliance required to pass your Certification Audit.

ISO 27001 Training

Our ISO 27001 training is built upon our extensive practical experience of delivering a multitude of ISO 27001 related projects across a multitude of sectors and business sizes. Our experience of implementing and designing an effective information security management system (ISMS) in the 'real world' is the foundation of delivering our quality education to our delegates from both private and public sector organisations. As with our consultancy, while our training is thorough and attentive to detail, it has pragmatism at its heart.

ISO27001 Lead Auditor

CNS Hut3 employ a number of certified ISO27001 Lead Auditors.