ISO 27001 Compliance

The ISO 27001 standard for information security is intended to assist organisations implement and then continually improve information security. Because of the constantly changing threat landscape, this continual improvement is vital to maintain adequate levels of information security protection. A proven model for achieving continual improvement is the Plan, Do, Check, Act cycle. Trusted Cyber recommends this approach and has extensive experience in assisting organisations in all phases of this cycle.


Plan (establish the ISMS):

• gap assessment


• project planning


• scope definition


• high-level information security policy, including security objectives





• risk methodology


• risk assessment


• risk treatment plan


• determine how to measure effectiveness

Do (implement and operate the ISMS):

• information security awareness and training



• monitor and measure ISMS


• information security documentation

Check (monitor and review the ISMS):

• internal audit


• ISMS management review

Act (maintain and improve the ISMS):

• implement corrective actions