Information security
ISO 27001

Are you looking for a way to implement the SoA, ISO 27001 and ISO 20000-1 standards but feel overwhelmed by where to start?

We will guide you through the process in a clear and organized way.

The most effective and practical strategy begins with the implementation and certification of the ISO 9001 standard. This is a good starting point, as it establishes a solid quality management system that can serve as the basis for incorporating other standards.

Once you have strengthened your ISO 9001, the next step is to integrate the ISO 27001 standard. This standard focuses on information security management and effectively links with the existing ISO 9001 framework.

Within this world-class model, it will be necessary to prepare the document known as the Statement of Applicability (SoA). The SoA is a detailed list of the security controls specified in Annex A of the ISO/IEC 27001 standard. In the 2013 version of this security standard, 114 controls are presented, grouped into 35 control objectives.

Once you have defined your SoA, you can conduct a thorough risk analysis, considering both current and residual risks. This assessment will allow you to create a risk matrix and, from there, develop an action plan to implement the necessary controls.

We're here to help you navigate this complex ISO standards model. Please don't hesitate to contact us so we can embark on this journey together.

Main clients

Loyalty Marketing Services

Design and Implementation of ISO 27001: Protecting the Information of Loyalty Marketing Services

At Alttos Group, we are proud to have collaborated with LMS on the design and implementation of the ISO 27001 Information Security standard. Together, we ensure that LMS strengthens its security posture and protects its critical information assets.
