ISO 27001:2022 - Information Security Management System (ISMS)

Secure your data. Strengthen your trust.

ISO 27001:2022 is the leading international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

It provides a structured framework for managing sensitive business information across people, processes, and technology, with the aim of preserving the confidentiality, integrity, and availability of that information. By achieving ISO 27001 certification, organisations demonstrate a proactive commitment to data protection, risk management, and regulatory compliance.

Key Elements of ISO 27001:2022

  • Risk Management
    A robust, structured approach to identifying, analysing, and mitigating information security risks across all organisational areas.

  • Annex A Controls
    Ninety-three (93) controls grouped into four themes – Organisational (37), People (8), Physical (14), and Technological (34) – providing broad coverage against modern security threats. Controls are selected on the basis of the risk assessment rather than applied wholesale.

  • Statement of Applicability
    A required document that lists every Annex A control, states whether it is applicable, justifies each inclusion or exclusion, and records whether the control is implemented, tying the control set to your organisation’s risk assessment and operational context.

Benefits of ISO 27001:2022

  • Enhanced Customer Confidence
    Prove to clients and stakeholders that your organisation safeguards information and values their trust.

  • Regulatory & Legal Compliance
    Supports compliance with privacy and data-protection laws such as GDPR, POPIA, and HIPAA by providing documented, auditable controls, reducing exposure to legal or financial penalties. Certification is evidence of good practice, not a substitute for meeting each law’s specific obligations.

  • Improved Risk Governance
    Promotes a consistent, organisation-wide approach to assessing, managing, and monitoring information security risks.

  • Operational Resilience
    Minimises data breaches, downtime, and service disruptions through better control and monitoring.

  • Competitive Differentiation
    Builds credibility and confidence with prospective customers, especially in sectors handling sensitive or regulated data.

TotalCert Consulting’s Services for ISO 27001:2022

Gap Assessment

  • We begin by conducting a Gap Analysis to identify where your current information security practices diverge from the requirements of ISO 27001:2022 (the management-system requirements in clauses 4–10 and the Annex A controls).
  • This assessment identifies nonconformities and areas that need improvement, setting a clear path toward meeting the standard’s requirements.

Policy and Procedure Development

  • We work with your organisation to develop customised policies, procedures, and documentation that align with ISO 27001’s requirements.
  • This includes creating an Information Security Policy, Risk Assessment Methodology, and Risk Treatment Plan, as well as developing controls for secure data handling, employee access, and third-party management.

Risk Assessment and Treatment

  • Our experts assist in identifying and evaluating risks, followed by developing a Risk Treatment Plan to mitigate them.
  • This involves implementing necessary controls and establishing processes to monitor these risks continuously.

Implementation Support

  • We guide your team in implementing the defined controls and measures, ensuring that processes and technical systems comply with ISO 27001 requirements.
  • We also provide support in conducting asset inventories and setting up effective information security processes.

Training and Awareness

  • Awareness Training: We provide employee training programs to raise awareness of information security, highlighting how staff can contribute to protecting information.
  • Lead Auditor Training: We offer lead auditor training to internal auditors to help your organisation conduct effective audits and maintain compliance independently.

Internal Audit and Management Review

  • Before pursuing certification, we conduct internal audits to assess compliance with ISO 27001 and identify any gaps.
  • Following the internal audit, we facilitate Management Review Meetings to ensure leadership commitment and address any residual issues.

External Audit Facilitation

  • Audit Coordination: We coordinate with a globally recognised certification body to conduct the external certification audit (Stage 1 documentation review and Stage 2 implementation audit).
  • Audit Support: Our team provides hands-on support during the audit, addressing auditor questions and ensuring a smooth audit process.

Certification and Beyond

  • Accredited Certification: At TotalCert Consulting, we only work with globally recognised certification bodies accredited by a national accreditation body that is a signatory to the International Accreditation Forum (IAF) Multilateral Recognition Arrangement (MLA), ensuring that your certification is accepted worldwide.
  • Post-Certification Compliance: After certification, we continue to support your organisation with policy reviews, internal audits, and improvement activities, and we prepare you for the certification body’s annual surveillance audits and the recertification audit at the end of the three-year cycle.

Typical Project Timeline

Implementation timelines vary by organisation size and system maturity:

  • Small businesses (≤ 20 staff): ≈ 3 – 4 months
  • Medium enterprises (21 – 250 staff): ≈ 4 – 6 months
  • Large or multi-site operations: ≈ 6 – 12 months

Every engagement begins with a detailed roadmap tailored to your goals and available resources.

Why Choose TotalCert Consulting for ISO 27001?

End-to-End Support

From initial gap analysis to successful certification and beyond.

Accredited Partners

Work only with trusted, globally recognised certification bodies.

Audit-Ready Documentation

Practical templates built around your real operations.

Expert Guidance

Experienced consultants with proven industry expertise.

Long-Term Partnership

We help maintain and evolve your ISMS post-certification.