ISO Compliance & Consulting

Compliance with ISO standards has always been a cornerstone for organizational and enterprise security.

With a team of qualified ISO implementers and a Conformance Asssessment Body (CAB) accredited division, SpearIT can assist you throughout the whole ISO certification journey, from training and implementation to formal audites, accredited certification, and maintenance of your compliance status towards popular ISO standards:

ISO/IEC 27001:2022

ISO/IEC 27017:2015

ISO/IEC 27018:2019

ISO/IEC 22301:2019

ISO/IEC 20000:2018

Gap Analysis & Implementation

The appropriate documentation, including policies, procedures, manuals and forms are implemented according to your organizational and operational environment needs.

They are designed in a smart way to minimize the administrative effort and stay maintainable throughout the years.

Training

You employees are trained by SpearIT in order to become familiar with the newly developed system. The training is organized and carried SpearIT's instructors, targeting the various organizational departments (executives, marketing, sales, technical, administrative).

The final goal is for everyone to become familiar with the "new way" your company will operate, which will probably affect the way various employees operate. Keep always in mind that it is the management system that should work for you and not the opposite!

Internal Audit

A pre-certification audit is carried out by specialized in auditing procedures SpearIT staff. The goal of this process is to simulate the final certification, in order to detect and correct any non-conformances but also, make your company's employees feel a little more relaxed as they witness a real auditing scenario where they are actually asked for various evidence. This way, they become more confident during the final auditing procedure by the accredited certification body.

Accredited Body Certification

A date for the official audit process is scheduled, which is carried out by an accredited certification body.

Certified auditors will visit your company's location and perform various inspections regarding the documentation and the implementation. That means that they will look for evidence (logs, signed forms, e-mails, screenshots) or existing controls (access-control on critical areas, HVAC, fire extinguishers, availability of equipment) which prove that proper implementation of the procedures is taking place.

Upon complete inspection which usually lasts a couple of days, the certification body approves your certification or informs you about additional actions you shall carry out in order to become fully compliant.

Continuous Coaching

SpearIT continuously oversees your compliance status by:

performing recurring internal audits (annual internal audit is a requirement an many standards)
performing validation and assessment actions (vulnerability scans, penetration tests, business impact assessments, breach attack simulation)
consulting with key personnel regarding maintenance and improvement of your management system
proposing controls and ways to handle incidents or improve the efficiency of your asset management, patch management, etc.