Implementation of ISO 27001

Information Security Management System (ISMS)

27001 Annex A

ISO/IEC 27001

The ISO 27001 standard contains best practices and general principles for managing company information security.

114 information security standard controls organized in 14 areas.

The basics of our work


The companies that we have implemented the ISO 27001 ISMSISO 27001


The average duration of implementation (from 5 to 12 months)


Experience of the audit, years


Diagnostic audits performed

ISMS implementation plan

Diagnostic audit

  • Agree on audit scope and objectives
  • Audit on-site
  • Presentation of the report

Organization of ISMS

  • Development of information security policy
  • Definition of organizational functions, roles, responsibilities and authorities
  • Definition and regulation of information risk management process
  • Definition and regulation of internal audit, management review, monitoring, measurement, analysis, evaluationnon, non-conformity and corrective action processes

Organization of risk management process

  • Inventory and asset description
  • Determine the criticality of assets
  • Assets register development
  • Information security risk assessment
  • Information security risk treatment

Implementation of the ISMS processes

  • Development of normative documentation to support the processes of the ISMS

Certification at customer’s request


«Active Audit Agency»

implements the ISO/IEC 27001 standard and prepares the Customer for a certification audit

Recommended certification body

Professional Evaluation and Certification Board Ukraine (Ukraine,Canada)


Our certificates

Our customers

Order a service

Get a commercial proposal or expert advice

Fill in the form, and we will contact you.