01 What is it?
ISO/IEC 27001 is the international standard for Information Security Management Systems, the global baseline for trust in regulated industries. ISO/IEC 27701 is the privacy extension that maps the ISMS to GDPR and the broader privacy regime. I have led group-level ISO 27001 certification programs across diversified holdings.
02 Why implement it?
- International baseline for information security
- Strong signal for customers, partners, regulators and investors
- Maps cleanly to SOC 2, NIST CSF and most regulatory regimes
- 27701 extends the ISMS to GDPR and global privacy laws
- Audit-ready, certifiable by accredited bodies
03 How I help
I help organisations design and implement an ISMS aligned to ISO 27001 and 27701: gap analysis, policy and control framework, risk register, Statement of Applicability, lifecycle controls and the readiness pack for the certification audit.
04 Expected deliverables
- Gap analysis against ISO 27001 and 27701
- ISMS policy and control framework
- Risk register and Statement of Applicability
- Lifecycle controls and evidence pack
- Certification-readiness assessment