• Imagine an ISO 27001 consulting organization that will ensure all controls are implemented, and audited, all personnel trained, all policies are documented and you receive a zero-defect certification. Sounds too good to be true? At Coral, this is a passion that every Consultant has.
  • Whether you need ISO 27001 certification for internal or external purposes, or it is customer-driven or management-driven, the Coral team is available to assist you.
  • Whether you are a startup or an established business with global operations, Coral’s methodologies can help you achieve your ISO 27001 certification.
  • Whether your applications and network are in the office, in the cloud, or a hybrid, Coral will design the program tailored to your business needs. With years of experience, Coral is well-equipped to handle any level of complexity.
  • We provide comprehensive ISO 27001 consulting services, with a team of experienced consultants who guide you through the process step-by-step. Our agile methodologies ensure a fast certification process.
  • As the instances of cyber security breaches are on the rise, it is becoming increasingly important for organizations to implement ISO 27001 for staying ahead in this cat-and-mouse game. Coral's consulting methodology is designed to provide the best advice, ensuring that not only your security is guaranteed, but also that a continuous cyber security governance program is put in place.
  • Start your comprehensive ISO 27001 ISMS journey today. Contact us to begin

Start Your ISO 27001 Journey Now!

ISO 27001 Certification Consultant

ISMS – ISO 27001 Consulting Engagement Phases

Here is a brief overview of al the phases involves in implementing ISMS-ISO 27001 certification.

Phase I - Understanding Business and Security Objectives

  • Every client is unique with its business model, customers, and information security requirements
  • The ISMS-ISO 27001 implementation journey starts with this phase where we determine and document the clients’ business requirements for Information Security management system (ISMS).
  • This is where ISMS context, requirements of internal and external parties, and scope are determined and documented.

Phase II - Gap Analysis and Risk Assessment

  • Based on the outcome of phase I, a combination of approaches is applied by Coral ISMS ISO 27001 consultants to conduct the gap analysis.
  • A session with each organization team to asses their current scope of work and their controls are determined.
  • A Penetration test against their applications and network reveals their current state of security vulnerabilities.
  • A threat model approach is applied to determine their systems and their current process gaps.
  • With more and more organizations choosing a combination of on-prem and cloud infrastructure, an assessment may involve a set of controls and their effectiveness across both environments.
  • ISO 27001 Gap Analysis phase is a key phase in designing control responsibility to stakeholders.
  • ISO 27001 Gap analysis will reveal gaps in all applicable domains such as ISMS governance, Application development, IT operations, Cloud Operations, Human resources, Physical Security, Supplier management etc.
  • Coral consultants will provide detailed recommendations for each identified gap with their recommendations.

Phase III - Control - Design, Documentation, Measurement, and Risk Management

  • ISO 27001 Control Design involves control allocation responsibility to organization stakeholders.
  • Documentation involves sharing and discussing 20+ policies and procedures across domains involving ISMS governance, Application development, IT operations, Cloud Operations, Human resources, Physical Security, Supplier management etc., as per applicable controls.
  • Risks identified in the gap analysis are tracked toward decision-making and closure. Some risks are quick wins, whereas others may take longer to close.
  • Control Measurement involves testing the control effectiveness and providing stakeholders with an objective performance of the ISMS
  • These phases may run in parallel or sequential based on the organizational dynamics.

Phase IV - Training & Brainstorming Sessions

  • Training of staff involved in ISMS operations is a key factor in successful ISMS implementation.
  • ISMS involves company staff involved in defining their internal security controls.
  • Our consultants will deliver a combination of trainings including awareness, risk management and standard interpretation
  • Each documentation or risk undergoes brainstorming with staff to derive at a ‘best-fit’ solution for the organization.

Phase V - Internal Audit and Management Review

  • ISO 27001 Internal audit starts with preparation of ISO 27001 checklist and selecting client staff as auditee, latter responsible for the controls.
  • Internal Audit involves verifying the effectiveness of the implemented lifecycle controls through interviews with system verification of applicable controls.
  • A formal report is published for management team.
  • We facilitate reviews with the management to ensure that the initial ISO 27001 policy objectives and goals are achieved.


At this stage:

  • As a result of undergoing these phases, Coral has implemented for a client an operational Information Security Management system (ISMS) that includes people, processes, technology and ongoing measurements.
  • Each of the ISO 27001 certification requirement has been completed by combination of one or more of policy, responsibility, report, record, technology, and automation.
  • The organization now has a plan that demonstrates its continued commitment like any other business function.
  • At this stage, the organization is ready for inviting external certification body to certify them to ISO 27001 certification.

Phase VI - External Certification Support

Chosen external certification body audit performs ISO 27001 certification in two phases:

  • Stage 1 – Documentation Review, and
  • Stage 2 - Implementation Verification

With the two phases completed, the certification body issues an ISO 27001 certificate.
Finally, upon receiving their ISO 27001 certificates, the clients are officially iso 27001 certified. This is the time to celebrate !!

ISO 27001 - 2022
Brief Overview

Control Area Total Controls
Management Controls System 30
Organizational Controls 37
Personnel Controls 8
Physical Controls 14
Technical Controls 34
Total 123
  • ISO 27001 – 2022 consists of Management System requirements and Annexure Controls.
  • Management system requirements help to design the governance system, whereas annexure controls assist in choosing the applicable controls to reduce information security risks.
  • There are currently 30 individual requirements in the ISO 27001 Management System section and 93 controls in the annexure sections.
  • Listed below are further breakups on the annexure controls

ISMS – ISO 27001 FAQs

Call or write to us at :
for proposal / roadmap / information
Would You Like To Speak To Our ISO 27001/ISO 27002 Certification Consultant?
Contact Us Now !