CIMA has been offering ISO 27001 consulting services since our doors opened in 2005, and later complemented this by adding ISO 27001 certification training services in 2010 in partnership is a global certification body. Our staff has been using this standard in operational roles prior to CIMA, since it was first adopted by ISO in January of the year 2000, and as the British Standard (BS) 7799 prior to that. So, unlike many other consultancies, CIMA has using it on both sides of the fence, as an internal organizational security leader establishing an Information Security Managment System, and now as external expert consulting services provider. We rountinely get short listed in bids against big four (4) management consulting firms on engagement with medium and large companies, and work with many tech and other start up companies. This page highlights some of the key areas that clients typical engage our ISO 27001 consulting services for. 

Based on our proprietary structured methodology taught in our 5-day ISO 27001 Lead Implementer course, CIMA offers clients end-to-end services to support building, implementing, maintaining and continually improving an ISO 27001-based Information Security Management System. This includes helping you through the certification audit as well.

Our methodology is built around the "Demings Circle," more commonly known as the Plan, Do, Check, Act or PDCA model, designed to create a never ending and continually improving approach.

Having worked with many clients in a variety of industries including financial services, big tech, and foreign governments over the years, we know only too well that every organization is unique in its needs and capabilities. As a result, while we leverage our structured methodology, every client engagement is tailored to meet each client organization's unique needs. To address this, CIMA uses our four-staged client engagement approach.

To help get all key stakeholders on the same page before the project launch, CIMA's ISO 27001 consulting services can include providing private instructor led training. This will allow your team to learn about the standard, while allowing them to speak freely on relevant internal issues throughout the course, which would not be possible at public seminars involving students from other organizations. For larger organizations, we have setup multiple private onsite training sessions to accomodate teams with conflicting time commitments as well. We can provide our one-day ISO 27001 Foundations, our 5-day ISO 27001 Lead Implementer course, or create a custom course to meet your organization's unique needs.

Quickly get a clear picture on your ISO 27001 compliance status using CIMA to perform a thorough gap assessment of mandated controls, as well as our add-on service to assessment employee competency for those supporting the organization's information security management system.

Our gap assessment not only assesses compliance, but using a custom capability maturity model aligned with requirements of the standard, we also include a control-based maturity rating to determine the depth of compliance and avoid false confidence in the organization level of compliance to the standard.

One of the key areas at the forefront of any ISO 27001 implementation is to develop an ISO 27001 / 27005 compliant risk assessment methodology or process. The challenge for many new comers to the the ISO 27001 world is that a risk assessment must be performed at the forefront, and the standard mandates that when performing these and other key security management activities, the approach must be able to yield accurate, complete and repeatable results. In the absence of a documented and standardized approach that is also compliant with the ISO 27005 risk management framework, this is a very hard task to accomplish.

One of the key requirements related to ISO 27001's mandated Awareness and Training obligations for organization claiming compliance to the standard, is to provide all organizational employees with foundational information security training. So, not only can we help you build your entire organizational Awareness and Training Program, but we can also help you address training employee information security training needs. To assist clients to meet this obligation, in 2006 we developed SecureTeam™, a custom e-learning package. In 2022, CIMA coverted this product to a Software as a Service in response to demand by small tech start up companies.

SecureTeam™ is a customizable e-learning solution designed to train geographically diverse employees in a cost effective manner, while addressing policy issues orginating from ISO 27001 controls. Clients get regular reports from the system to monitor employee progress and completion. For complete details, please visit our product page by clicking here or on the product image to the right.

To help clients get up and running with their Information Security Management System, as part of our ISO 27001 consulting services, we specialize in developing your organization's complete set of Information Security Governance, including the program's information security charter, policy, standards, processes and procedures. We offer both custom build governance from scratch where the client owns the intellectual property upon client's acceptance of the deliverables, as well as offering a licensed custom developed set from our governance templates at significantly reduced time and cost. The latter is especially appealing to our tech start up and medium sized clients, as well as those with a short window of time to achieve certification due to compliance obligations. 

No matter what your circumstances are, we can help you get the information security governance in place that will get you to pass that certification criteria.

Once the full scope of controls is understood, we can help your operations teams implement or provide guiding support for controls required to help meet your compliance obligations. 

Support is available for both traditional and cloud-based system. As part of this service we can document technical or functional requirements, assess technical solutions for the righ fit, assist or support your personnel in their implementation, and create operational procedures for these systems, mandated by the standard.

A mandatory requirement of the standard is the development, implemenation and ongoing maintance of a security metrics or performance management program, for controls implemented under the organization's Information Security Management System.

Using our proprietary methdology for Security Metrics Program development, we will work with our team(s) to define performance measurements and define a standardized process and supporting procedures for defining and gathering of measurements, analysis and subsequent reporting, to determine their operational effeciency and the Information Security Management System's overall performance against established objectives.

A mandatory requirement of the ISO 27001 standard is the development of an Internal Audit Program focused on auditing the controls of the Information Security Management System. Using our proprietary tools, we will develop and license a custom Internal Audit Program set to help your organization meet the mandatory requirements of ISO 27001 and 19011, among others. 

We'll help to setup your Internal Audit Program, with a our proprietary document process, forms, job and competency descriptions, and others mandated by the standards.