ISO 27001 Consultants
Specializing in the design, development, implementation and on-going support for ISO 27001 based Information Security Management Systems, as well as other ISO standards.
ISO 27001 Consulting Services
ISO 27001 Consultants is a division of CIMA, offering a variety of management consulting services to help clients realize business goals. In provisioning these services we specialize in the design and development of information technology management and assurance programs, their governance, and their implementation. These services are focused on helping clients work towards organizational alignment and, where appropriate, certification to established standards and regulations, and include:
Business Case Preparation Support
Project / Program Management Support
Development & Implementation Support
We help clients incubate programs in a variety of focused areas, which are taught by our sister organization ISO 27001 Trainers as ISO-based certification courses. These areas include:
ISO 20000 - IT Service Management System
ISO 22301 - Business Continuity Management
ISO 27001 - Information Security Management
ISO 27005 - Security Risk Management
ISO 27034 - Application Security Management
ISO 27035 - Security Incident Management
ISO 28000 - Supply Chain Security Management
ISO 29100 - Privacy Management
ISO 37500 - Outsourcing Management
To help you understand where your organization's operational control posture is, compared to a specific standard or regulation, we conduct assessments of mandated management and technical controls. In addition to identifying what is and is not in place, we also work with our clients to understand the depth of control implementation through the creation of, or use of an existing, capability maturity model (CMM) in the client environment. This approach provides far greater value to clients by helping them understand the full and true effort needed to achieve program goals.
We are also able to extend the scope of a gap assessment to working with our client's operational teams to perform an impact assessment of gaps, to ensure our clients are able to articulate and develop a qualified program budget proposal to the organization's leadership.
To help our clients achieve focus and ensure the success of business goals, we offer management consulting services to help you build a winning strategy and supporting business case for your standards and regulatory driven program. This is done in a collaborative approach between our engagement team and your key leadership stakeholders, following a gap assessment.
Where not in place, we help clients design an enterprise steering committee, establish the committee's charter document and engage target participants from the organization's management team.
Business Case Preparation & Presentation Support
In most cases, you have one shot at presenting your business case to top management for support and sponsorship. We provide management consulting support to help you design and develop a winning presentation package for your leadership presentation, focusing on Senior Leadership and Board, as well as other stakeholder groups as required.
Program Management Support
Many of our clients are already inundated with existing operational commitments and are understaffed; however, customer, business partner, or regulatory expectations dictate compliance with one or more standards or regulations that are currently not aligned with the business operations. We provide resource support on the ground to help you manage the implementation of programs based on your standards and regulatory requirements. Our Program Management support will work with you and other leaders in your organization from start through to full implementation and, as required, assist you with a transition plan to migrate program components to operational owners. Our resources have substantial Program Management experience in the development and rollout of information technology management and assurance standards and regulatory driven programs.
Program Development & Implementation Support
Every program has various moving pieces, some of which are similar from one standard or regulation to the next, and some are very unique. We help clients design and develop any and all components of their program. Areas include:
Governance Framework Development
Many companies jump into developing their governance documentation without establishing a clear understanding of their governance scope. By way of example, ISO 27001 has a mandatory requirement that the organization perform a Legal and Regulatory review and encompass all such requirements into their governance framework. In order to achieve ISO 27001 organizational certification, the organization must provide evidence they have performed this review and incorporated all requirements into their new governance framework. CIMA has experience working collaboratively with client legal, business and technology leaders to help them accomplish this and yield a structured governance framework, from which all other governance can begin to be developed. The framework model approach that CIMA uses to assist clients provides a hierarchical structure allowing various author and approving authorities at different levels of the framework. As part of the deliverables we yield first and foremost a control catalog, and from there construct the framework in a logical and structured fashion. As needed we also assist clients in the development of a process to develop and approve governance components.
Similar to its use in the Project Management world, a Program Charter establishes the mandate for the program, as well as fundamental roles and responsibilities for its development and maintenance. Through a collaborative approach, we help clients develop the organization's Program Charter to ensure it has a solid foundation, and inter-departmental support is assured. One of the critical aspects of the Program Charter is the demonstration of alignment to the business' critical objectives. When we work with clients, we ensure a clear demonstration of Program to Business goals is articulated so the Program's value is understood all the way up to and including the organization's Board.
It is well understood by today's business community that a policy is a statement of management's expectations. Across the board, ISO standards and regulations dictate the development of a policy to communicate to the body of the organization and other stakeholders, the need for and adherence to a set of controls related to the mandating standard or regulation. We help clients collaboratively draft and socialize a policy document to ensure stakeholder buy-in.
Standards are, in their simplest form, a collection of theme-based controls. We work with clients to follow on from the work in the Governance Framework effort to develop individual heterogeneous policy standards, meaning they are technology agnostic. During this work, once we have developed a satisfactory draft standard, we facilitate an internal client focus session to review the document based on three factors, namely that each control statement in the document is:
For an organization's operational technology teams to understand how to configure and maintain technology solutions in a standardized fashion that meets the stated expectations of a standard, organizations must develop technical standards articulating how the requirements of a given standard are to be achieved. We work with client technology teams and empower them to develop technical standards for individual technology environments through the development of standardized templates and by offering a facilitation approach.
Processes are an organized set of actions designed to achieve a specific outcome. All standards and regulations either implicitly or explicitly mandate specific processes in order to achieve compliance. CIMA helps clients in a collaborative fashion to develop process documentation to meet the spirit and intention of standards and regulations.
Procedures are detailed sub-activities of a process that typically drill down into one step of the process; each is a set of integrated tasks.
In many cases, organizations must reach to technology to help solve stated control requirements from standards, legal and regulatory requirements. CIMA helps clients define technology requirements before their technology staff begin solution evaluation, to help ensure appropriate alignment with the requirement. Typical engagement activity provides for the client's technology teams evaluating and selecting solutions autonomously, with CIMA's team validating that they meet the stated requirements.
Awareness and Training
No matter whether implementing management or technical controls, ensuring a smooth rollout is critical to the Program's success. We help clients build awareness and training tools to achieve program goals.
ISO 27001 Consultants' professional mentoring program is where our instructors take their knowledge and experience out of the classroom and bring it into your office.
Some customers have fiscal constraints, or are already adequately equipped to manage most of the planning and implementation activities using internal resources, but still need that sounding board and high-level guidance on a limited basis. In this regard, we provide a program coaching service. This service is intended to serve as mentoring or coaching support to program managers and others responsible for the delivery of an ISO based Management System. It can, however, be used to support the creation of specific deliverables or facilitation services, e.g. hosting a focus session to aid in the creation of the Management System's scope statement, management system strategic planning activity, development support for high-level planning documentation for senior management and Board presentation, etc.
Our coaching service is sold as pre-purchased bundles of hours, in increments of 40 hours, to meet your custom needs.
With the growing legal and regulatory landscape, in conjunction with customer demands for ISO standards certification, that Information Technology and Security Leaders have to manage, there comes an equal driving force to reduce operational and project-related costs.
Developing and maintaining an internal project resource pool and contracting external project teams with defined scope statements can be cost prohibitive. Staff Augmentation allows clients to scale as needed throughout the year to meet business commitments and deliverables. This allows our clients to quickly scale up and down based on planned projects throughout their fiscal cycle.
This affords the flexibility of meeting obligations, without the imposition of a fixed scope, and allows these resources to take day-to-day direction from our clients directly. CIMA provides certified professionals to work with you and your team onsite and remotely, to help control costs and meet your business goals.
1722 Sheridan St., Hollywood, FL USA 33020
Tel: 305-744-5447 / 866-553-3779