This website uses cookies

Additionally to the cookies that are essential for the site to operate correctly, we use some cookies or third-party services for extra features such as social network integration, advanced targeting etc. Read more about processing of personal data.

Main content section

Developing information security management systems ISO 27001

Our team has extensive experience with helping organizations to develop and implement standardized and non-standardized management systems. We help to develop processes, implement changes, carry out analysis, development meetings, audits and training for staff.

We work in English, Estonian and Russian. Please contact us to discuss how we can help your organization!

ISO/IEC 27001 is an international standard that defines the requirements for an organization’s information security management system. ISO 27001 consists of general requirements for the management system and the security controls that follow from them (Annex A lists a total of about 100 information security controls). We have experience in advising on the development of information security management systems and in conducting training courses for organizations in the IT sector as well as other sectors.

As a new version of the standard (ISO/IEC 27001:2022) will be released in October 2022, it will be possible to choose which version to apply for certification under at the beginning. The scope of the new version is a bit broader – it no longer just refers to IT, but to information and cyber security and privacy.

Aim of the consultation project

The aim of the management system consultancy project is to:

  • To make the organization’s information security governance more effective and transparent;
  • To bring the management system in line with the requirements of ISO/IEC 27001;;
  • To prepare the organization for certification by an internationally recognized certification body.

Specific objectives will be agreed with the client before the consultancy project starts.

Content and activities of the typical project

In our experience, a combination of training, consultancy and audits provides the best results in developing a management system. We work in a meaningful partnership with the client’s team members and firmly believe that a successful implementation of a management system is achieved when the organization is committed to the project and the implementation involves all levels of management within the organization. We train staff on the requirements of the standard and discuss different aspects of the organization’s working practices in small working groups. The consultant is primarily a facilitator of the content, but his role is usually also to document the management system in an appropriate and simple way. In creating the documentation, we follow the golden principle – “AS MUCH AS REQUIRED, AS FEWLY AS POSSIBLE”. In the future, it will always be possible to improve and specify certain areas and elements of the management system. A management systems consultancy project is usually divided into four phases:

I. Analysis of the current situation and needs of the organization.
II. Finding proper solutions and developing am ISMS
III. Implementation of the revised management system
IV. Evaluation of the ISMS and launch of the audit program


The end result of the project is an ISO/IEC 27001 compliant information security management system ready for certification by a certification body.


The duration of the project will depend on the size of the organization and the degree of streamlining of the existing management system. Typically, the duration of the project is around 6 months, although it may be longer for larger organizations.


  • over 25 years of practical experience in consulting and training;
  • our consultants have extensive practical experience in production, quality, information security and management;
  • wide range of services in area of LEAN/efficiency, management systems and strategy development;
  • unique possibilities to develop your personnel – public training courses, development programs and in-house trainings;
  • we work in English, Estonian and Russian languages.

Time, place and price

Detailed program, time and place are subject to additonal agreement.

Would you like to have more information about our services?

Related services