Skip to main content
Marsh logo

Solution

ISO27001 Compliance Consulting

Align information and cybersecurity practices with the international standard.

Download now Contact us

Benchmark

Benchmark the effectiveness of your organisations information and cybersecurity capabilities against international standards.

Identify

Identify cyber security red flags with recommendations and a roadmap to improve controls and process maturity.

Demonstrate

Demonstrate to customers, partners, insurers your organisation is committed to maintaining international best practices.

Continually

Continually improve the suitability, adequacy, and effectiveness of ISMS and effectively reduce the risk to cyber threats.

Across all industries, the ongoing digital transformation journey continues – driven by changes in the way we work, the adoption of new technologies and increases in regulatory compliance. While these advancements in technology drive increased efficiencies and optimised performance, they also bring new cyber risks. Every advancement widens the cyberattack surface, presenting increased and ongoing opportunities for skilled and savvy malicious threat actors.

Cyber criminals are exploiting weaknesses in underdeveloped security practices. Adopting a best practice in information management, data protection and cyber resilience can help mitigate these risks.

Why do you need ISO27001 Compliance Consulting

ISO27001 Compliance Consulting from Marsh Advisory allows organisations to adopt a top-down risk-based approach to information and cybersecurity security that is in line with international best practices.

Developing and deploying ISMS will provide the robust defences needed to prepare for and defend against inevitable security breaches. By developing and deploying an ISMS, your organisation can secure sensitive data, fortify against cyber-attacks, and reduce costs associated with information security.

It enables organisations to identify, assess, manage and mitigate risks associated with managing corporate information with recommendations and practices to improve controls, process maturity – and uplift their insurability profile.

Achieving ISO27001 certification demonstrates that your organisation is committed to maintaining internationally recognised best practices boosting the confidence of your customers, partners, insurers and third parties.

How it works

Marsh Advisory ISO27001 Compliance Consulting is delivered in four phases:

  • Phase 1:- ISO27001 gap assessment:- Establish a clear understanding of the current cybersecurity posture aligned with the ISO27001 framework requirements, including infrastructure, assets and application landscape, the organisation’s overall risk approach, and the processes that supports these efforts.
  • Phase 2:- Cybersecurity Strategy & Roadmap:- Develop a practical cybersecurity strategy & roadmap derived from the gap assessment that aligns business and ICT strategies together. To detail and describe the realistic target future state of cybersecurity given people, skills, time and budget available.
  • Phase 3:- Cybersecurity Roadmap Implementation Implement the services documented phase 2 into a roadmap that can be implemented in alignment with ISO 27001 standard requirements.
  • Phase 4:- ISO 27001 certification readiness support:- Preparation and support for an external IS027001 external certification audit.

Minimise cyber risk and exposure

ISO27001 consulting will not only validate the current cyber security practices and identify any potential gaps, it will also uplift your organisations cyber maturity through a risk-based approach – minimising your cyber risk and likelihood of exposure by following the industry best practice.

Download now

FAQs

A cyber incident response plan is a set of instructions that helps an organisation to identify, respond to and recover from cybersecurity incidents.

The 5 step approach to creating an incident response plan:
  1. Document the common types of security incidents that can occur in the organisation.
  2. Prioritise security incidents based on the severity. Incidents that impact organisational data and operational availability should be addressed as priority.
  3. Create an incident response flowchart with the steps to follow. Use a RACI matrix to list the personnel who will be involved at different stages of the incident response.
  4. Conduct mock up (simulation) exercises to train staff in the incident response plan.
  5. Update the incident response based on findings from the mock-up (simulation) exercises.

A cybersecurity incident response plan includes the security measures that an organisation should follow to respond to a cyberattack as it happens. The plan is broken up into 3 segments

  • Pre-incident: the plan documents the tools, resources and  personnel required to react to the incident
  • Incident response: the main segment that lists the step by step approach to be taken in response to an incident and restore the organisation back to regular business operations.
  • Post-incident: This segment documents the requirements for incident forensics and investigation to identify the failures that resulted in the incident occurring and the lessons learnt during the incident response stage.

Why Marsh

As experts in enterprise and cyber risk, we help you take an enterprise wide, scalable approach in building your cyber resilience.

Together, we identify your risks, and develop a best-for-you program and team of partners to help manage it.

Informing your approach and decision-making process with our 25 years of cyber expertise and data-driven insight. So that your path to cyber resilience is more productive and predictive; and your outcomes are more efficient and effective.

Article

Cyber resilience: 12 key controls to strengthen your security

Take practical steps to build your cyber resiliency with Marsh’s series on the 12 recommended cybersecurity controls, including their characteristics and requirements.

Learn more

Our people

Placeholder Image

Gill Collins

Head of Cyber Incident Management and Cyber Advisory, Marsh Pacific

This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. LCPA 23/167.