
ISO 27001 Implementation

Infodefense provides certified and experienced information security professionals with real-world experience of designing, building, implementing, managing and maintaining ISO 27001 ISMSs.

Phase 1. Scope of Implementation

We help you determine the ISMS scope so that the identified business objectives are achieved, creating a solid foundation for building an effective ISMS. During this phase, a baseline review of the organization’s current position with regard to ISO/IEC 27001:2013 is conducted.

Phase 2. Risk Assessment

The objective in this phase is to create an effective risk management process to ensure that potential impacts do not become real or, if they do, that contingencies are in place to deal with them. An inventory of the information assets to protect is prepared, and the assets are ranked according to risk classification based on the risk assessment. This step involves meetings and discussions with the asset owners in order to understand their concerns and the importance of the assets under their responsibility to the organization’s business functions. A comprehensive risk assessment is performed on the identified critical IT assets, and appropriate risk-mitigating controls are selected.

Phase 3. Risk Treatment Plan

The objective of this phase is to identify a set of actions that should be put in place to address the unacceptable risks identified by the Risk Assessment. We develop a plan for the implementation of the controls selected in the previous phase. The implementation plan will guide your organization's team in the implementation of the identified controls. Our consultants can also assist in managing the implementation program. During this phase we will also develop the ISMS documentation and functional IT security policies and procedures according to ISO 27001, which will address the risk areas identified earlier (as per the risk mitigation and treatment plans).

Phase 4. ISMS Review

The main purpose of this stage is to ensure that Information Security processes are carried out effectively, efficiently and economically to the benefit of the organization. With internal audits we identify compliance or any areas of non-compliance with ISO 27001, as well as further opportunities for continual improvement, which may extend beyond the criteria set out in ISO/IEC 27001. We provide an ISMS Improvement Program in line with the PDCA process which, together with management reviews and the responses taken, is essential to obtaining ISO 27001 certification.


Our consultants will help you to:

  • Identify, analyze and evaluate the information security compliance requirements for your organization
  • Detail and illustrate the security controls best practices by concrete examples
  • Compare possible solutions to a real security issue and analyze the strength and weakness of each solution
  • Select and justify the selected approach and methodology adapted to the needs of your organization
  • Implement appropriate information security training, awareness and communication plans
  • Define and implement an incident management process based on information security best practices
  • Implement ISMS continual improvement processes in your organization
  • Review the readiness of your organization for an ISO 27001 certification audit

Internal Audits

The primary objectives of an ISO 27001 internal audit are:
  • To ensure that Information Security processes are carried out effectively, efficiently and economically to the benefit of the organization.
  • To identify compliance or any areas of non-compliance with ISO/IEC 27001.
  • To identify further opportunities for continual improvement, which may extend beyond the criteria set out in ISO/IEC 27001.
  • To provide the organization with internal assurance that Information Security is effectively managed and risks to the business are minimised.
Infodefense will provide:

  • An IRCA certified ISO 27001 Auditor
  • An audit plan defining the audit criteria, scope and methods.
  • An internal audit in line with ISO 27001 requirements.
  • A final report with the findings and a plan of corrective actions to address any shortcomings with best practices.

The ability of an organization to recover from a disaster is directly related to the degree of business continuity planning that has taken place BEFORE the disaster. Business continuity plans are critical to the continuous operation of all types of businesses. More importantly, these plans are assuming increased importance as companies become increasingly reliant on technology to do business.

A Business Continuity Plan describes the strategy and procedures for recovering Data Center processing of applications should a disaster substantially disrupt operations.


BIA and Risk Assessment

We identify events that can cause interruptions to business processes, along with the probability and impact of such interruptions and their consequences for information security.

Business continuity procedures

We develop and implement plans to maintain or restore operations and ensure availability of information at the required level and in the required time scales following interruption to, or failure of, critical business processes.

Plan the BCMS

We develop and maintain a single framework of business continuity plans to ensure all plans are consistent, to consistently address information security requirements, and to identify priorities for testing and maintenance.

Test the Business Continuity Plans

The purpose of this step is to plan the necessary activities to test the business continuity plans and update them regularly to ensure that they are up to date and effective. The objective is to ensure that the plans in place are workable and can be implemented in an emergency situation.

Jan 2014. Infodefense professionally guided us through the entire ISO 27001 ISMS implementation and certification with an effective risk management and treatment plan. On budget and on time. We look forward to continuing our cooperation for the maintenance of the ISMS.

George Michalopoulos, Landis + Gyr, Digital Business Unit Manager

Mar 2014. Infodefense consultants exceeded our expectations during our ISO 27001 ISMS project. Within a very short time they were able to get a thorough insight of our voice and data network and address high security risks with an effective treatment and improvement plan in line with the standard.

Alexandros Cappos, Globo Technologies, Director | Technologies Business Unit



Classify, Protect & Confidently Share Information. TITUS solutions enable organizations to classify, protect and confidently share information, and meet regulatory compliance requirements by identifying and securing unstructured data.

Contact Info


Address: Kappadokias 18  

171 24 Athens, GREECE

Tel: +(30) 697 4022582

Email: info(at)infodefense.net


Our Experience

Leveraging more than 10 years of information security experience and success for clients in Greece, Cyprus and Malta.