Compliance assessment and implementation of the information security management system according to the ISO 27001 standard


The information security management system (ISMS) is a powerful and effective tool. It is based on a risk-oriented approach and promotes the practice of continuous improvement, which helps companies proactively implement relevant and effective means of protecting their information environment.

The ISO 27001 standard is the world's leading practice for information security management and is widely used by many companies. According to statistics from organizations such as IT Governance, PECB, and Advisera, the number of organizations certified against ISO 27001 grows by an average of 15-20% every year. In addition, some industries, such as banks and the financial sector, must meet the requirements of this standard under Ukrainian regulatory requirements.


How EY can help

We invite our clients to join the large family of companies that have implemented an ISMS according to one of the leading information security management practices - ISO 27001.

For organizations that are just starting their journey in building information security, we help identify the main threats and the external and internal factors that influence them, plan the implementation of the ISMS, and carry out the planned actions.

If a company has already implemented certain practices and wishes to understand their effectiveness and degree of compliance with the requirements of the standard, we can provide an independent assessment and recommendations for bringing these practices into compliance with the standard.

When the company is ready for certification, we can conduct a diagnostic audit, prepare it for the certification audit, and perform certification for compliance with the ISO 27001 standard through EY Certify Point, an accredited independent certification body.


What we do

We assess the current state of the ISMS and its degree of compliance with the ISO/IEC 27001:2013 standard according to two basic components: ISMS Organization (measures for system planning, described in the main part of the standard) and ISMS Implementation (measures for building protection elements, described in Appendix A to the standard). After identifying non-conformities with the standard, we develop recommendations for eliminating them and, if necessary, help our clients implement those recommendations.

Depending on the client's needs, we can offer the following areas of service:

  • ISMS implementation

    We help plan and implement all organizational elements, develop regulatory documents, design and implement all control measures, and facilitate all activities throughout the ISMS life cycle.

  • ISMS diagnostics

    We approach diagnostics with the same meticulousness as we do certification audits. We conduct an assessment, identify non-conformities, and provide recommendations for eliminating them together with a prioritized roadmap. In addition, we can check the effectiveness of the implementation of the recommendations, or help in their implementation.

  • ISMS certification

    We conduct a certification audit of the ISMS through an accredited independent certification body and issue a certificate if the requirements of the standard are successfully met. Certification follows a 3-year cycle (a certification audit followed by 2 follow-up audits).

Why EY?

Our team has vast experience in implementing a wide range of information security projects, including ISMS assessment and implementation. The Ukrainian team has completed more than 10 such projects over the past 5 years for local and international companies and includes many certified experts.
