ISO27001 Pathway Program

The affordable way to prepare for ISO27001 (in your own time).

Assess, Report, Improve & Certify ... to Power Growth

ISO27001 Pathway Program

In today’s digital age, safeguarding your company’s cyber and information security is paramount, especially as cybercrime continues to escalate. Navigating through the myriad of security measures available can be daunting, particularly for startups and SMEs looking for an efficient and cost-effective approach.

Enter the ISO27001 Pathway Program – designed with startups and SMEs in mind, our program stands as the most accessible and affordable way to gear up for ISO 27001 readiness. It’s a self-managed program that allows you to work at your own pace, backed by an extensive digital library filled with invaluable resources and access to a marketplace of experienced professionals, offering expert assistance whenever needed. This unique blend of self-guidance and professional support gives you a streamlined, affordable route to achieving ISO 27001.

The ISO27001 Pathway Program isn’t just a tool; it’s a comprehensive framework that helps you protect your data with confidence and ease. It’s time to elevate your cybersecurity standards and build trust with clients, partners and investors in an increasingly digital world.

How it Works

ALL PROGRAMS include access to a digital library of amazing tools & resources

This Program Includes

  • 14 Components
  • FREE Smart Self Assessment
  • FREE Risk Report: High-Med-Low
  • Action Management Module
  • Digital Library of Resources
  • 24/7 Access: Mobile & TV

Optional: Program Review & Certificate of Assessment

Program Modules

A.5 - Information Security Policies

This section emphasises the establishment of policies to govern the management of information security. It requires an organisation to define, approve, publish, communicate, and regularly review its information security policies. These policies should provide a clear direction and support for information security in line with business requirements and relevant laws and regulations.

A.6 - Organisation of Information Security

A.6 focuses on the internal organisation of information security. It covers the allocation of responsibilities for information security, the establishment of a framework for information security management within the organisation, and the management of internal and external issues that can influence information security.

A.7 - Human Resources Security

This section deals with ensuring that employees, contractors, and third-party users understand their responsibilities and are suitable for the roles they are considered for. It covers the entire lifecycle of employment, from pre-employment screening to termination or change of employment, emphasising the need to protect against theft, fraud, or misuse of facilities.

A.8 - Asset Management

A.8 addresses the need to identify organisational assets and define appropriate protection responsibilities. It includes classifying and handling assets to ensure their protection, focusing on information classification, media handling, and responsibilities for managing assets throughout their lifecycle.

A.9 - Access Control

This section establishes controls to manage and restrict access to sensitive information and systems. It includes user registration and deregistration, user access provisioning, management of privileged access rights, control of password management, and restriction of access to programs and data.

A.10 - Cryptography

A.10 focuses on the use of cryptographic controls to protect the confidentiality, authenticity, and integrity of information. It includes guidelines on how and when to implement cryptographic measures, key management, and maintaining the effectiveness of the cryptography used.

A.11 - Physical & Environmental Security

This part addresses measures to prevent unauthorised physical access, damage, and interference to the organisation’s premises and information. It covers security of equipment, secure areas, protection against threats, environmental hazards, and working in secure areas.

A.12 - Operations Security

A.12 is concerned with the management and protection of information processing facilities. It includes operational procedures, responsibilities, malware protection, backup, logging, monitoring, control of operational software, and handling technical vulnerabilities.

A.13 - Communications Security

This section covers the protection of information in networks and its supporting information processing facilities. It includes network security controls, network segregation, information transfer policies and procedures, electronic messaging, and confidentiality or non-disclosure agreements.

A.14 - System Acquisition, Development & Maintenance

A.14 focuses on ensuring security is an integral part of information systems across the entire lifecycle. This includes protecting application services, securing application development and support processes, and protecting data used in testing.

A.15 - Supplier Relationships

This section addresses the management of risks associated with suppliers. It involves ensuring the protection of the organisation’s assets that are accessible to suppliers and maintaining an agreed level of information security and service delivery in line with supplier agreements.

A.16 - Information Security Incident Management

A.16 is all about managing and responding to information security incidents in a timely and effective manner. It includes responsibilities and procedures for managing incidents, reporting, assessment, response, learning from incidents, and collection of evidence.

A.17 - Information Security Aspects of Business Continuity

A.17 emphasises the importance of including information security in the business continuity management process. It involves establishing, documenting, implementing, and reviewing the organisation’s resilience to information security incidents that could lead to interruptions in business activities.

A.18 - Compliance

The final section, A.18, deals with identifying, documenting, and ensuring compliance with legal, statutory, regulatory, and contractual obligations. It also includes the review of information security policies, technical compliance, and audit considerations.

Disclaimer 🤚

We’ve put our heart and soul into building something to help millions of Startups & SMEs around the world.

We’ve done a lot right and made mistakes along the way, because no one ever said #RegTech or startup risk management was easy.
Rest assured we are leveraging the brightest minds, deepest resources, connected partnerships and hunger for growth to develop a better product every day for you.

With that being said… In no event shall CertifiedBy, its affiliates, partners, or licensors be liable for any direct, indirect, incidental, special, consequential, or punitive damages, including but not limited to, lost profits, lost data, business interruption, or other losses arising out of or in connection with the use of, or inability to use, the CertifiedBy platform or any content, advice, or recommendations generated by the platform.