Information Security Management System

Compliance Council build and develop Information Security Management Systems (ISMS) across a number of industries, with a particular focus on financial, legal, education and training, as well as organisations offering Software as a Service (SaaS). An ISMS is generally required to meet one or more of the standards below:

  • ISO 27001:2022 - International Standard for Information Security Management Systems.
  • GDPR - General Data Protection Regulation.
  • NIST - National Institute of Standards and Technology Cybersecurity Framework.

We understand that the key to successfully developing and implementing a Management System is understanding the organisation's current processes and actions relevant to their information security and cyber security requirements. As such, Compliance Council offer two Management System options – the provision of a standardised ISMS framework, or the development of a bespoke ISMS framework.

Compliance Council offer a standardised set of management systems based on our 10 years of operation that have been assessed by the toughest of auditors and certification bodies. These standardised systems are designed for organisations that have limited existing documentation and require provision of intellectual property to meet standard requirements, saving time and effort for all parties.

We also offer a bespoke management system development service, which includes the assessment of the organisation's existing documentation, identification of gaps to the standard, and development of new and existing documentation into a new management system that is tailored to meet the requirements of the organisation. The benefits of developing a bespoke ISMS include:

  • The detailing of ISMS-related processes in an easy-to-understand format.
  • Procedures and policies tailored to suit the organisation, improving worker understanding and ability to navigate the system.
  • Internal auditing activities become more effective as they are assessing current business processes that have been verified and agreed to by key organisational personnel.
  • Ability to document the use of management system applications, such as JIRA, Confluence, ServiceNow and others, for distinct areas of the system.
  • Improved ability to achieve and maintain ISO certification.

A key factor for building a management system is the consultant's ability to understand the organisation's activities and develop a management system that aligns to current business processes. We achieve this by:

  • Hiring our workers as permanent employees, not using contractors as labour.
  • Ensuring all work undergoes quality assurance by a Director or other management personnel.
  • Training and development of our staff on industry best practices, lessons learnt from previous projects and other continual improvement activities.
  • Provision of a compliant management system framework for each consultant to build from.

Other matters to consider when developing an ISMS include:

  • A timeframe of approx. 6 - 9 months from commencement of project to completion (often completion is certification to the above referred ISO standards).
  • Which certification body you would like to be certified by (we recommend the certification body is JASANZ accredited).
  • The commitment of management personnel to the successful development of the HSEQMS, including time and access to key workers throughout the organisation, and execution of assigned actions.

What we can do to help you get started:

  • Have a 20 - 30 minute Teams call with your key management personnel to discuss your organisation and its requirements, as well as typical project methodologies, durations and budget expectations.
  • Provide a detailed scope of work detailing deliverables and time allocated by Compliance Council for each step of the process.
  • Provide you with recommendations on certification bodies based on your objectives and requirements, or communicate audit requirements to your existing certification body.
  • Roadmap the journey to certification upon commencement by provision of a detailed project plan.