Raksha Technologies
ISO 27001:2022 — ISMS Compliance Advisor

Client Profile

Extended Scope: Large organizations typically need a wider ISMS scope, more internal auditors, and longer certification timelines. A phased approach that certifies the critical business units first, then extends the scope at later surveillance or recertification audits, keeps the first certificate achievable.
WHY

ISO/IEC 27001 is the internationally recognised standard for information security management systems. In India it is increasingly required by enterprise clients, in government tenders, and as a precondition for doing business with global companies. Without certification you are excluded from such contracts, fail customer security due diligence, and lack a systematic, auditable way of managing information security risk.

WHAT

ISO 27001 compliance requires establishing, operating and continually improving an Information Security Management System (ISMS) that meets the mandatory requirements of clauses 4–10 (context, leadership, planning, support, operation, performance evaluation, improvement). Annex A of the 2022 edition lists 93 reference controls in four themes: organizational (37), people (8), physical (14) and technological (34). Controls are selected through the risk treatment process and recorded in the Statement of Applicability, with every inclusion and exclusion justified. Key artefacts are the risk assessment methodology, the Statement of Applicability, the internal audit programme, management reviews, and the continual improvement cycle.

HOW

We guide organizations through the full ISO 27001 journey: gap assessment, risk treatment planning, policy development, control implementation, internal audit, and certification audit preparation. We help select certification bodies and maintain compliance post-certification. Typical advisory: ₹8–30 lakh depending on scope and organization size (certification body audit fees are charged separately by the certification body).

Available OEM Vendors (10)

Compliance automation platforms (evidence collection, control monitoring, SoA and audit workflow):

1. Vanta: automated compliance and security monitoring
2. Drata: continuous compliance automation platform
3. Scrut Automation: risk and compliance management platform
4. Sprinto: GRC and compliance automation
5. OneTrust: enterprise privacy and governance platform
6. Secureframe: security compliance management

Advisory, audit and certification:

7. A-LIGN: compliance advisory and certification
8. BSI Group: certification body and advisory services
9. TUV: third-party certification and audit
10. KPMG: management consulting and audit services

Note: an accredited certification body must be impartial (ISO/IEC 17021-1), so it cannot certify an ISMS it designed or implemented. Engage the implementation advisor and the certification body as separate organizations, and confirm that the certification body holds ISO/IEC 27001 accreditation from a recognised accreditation body (for example NABCB in India).

Vendor-neutral. Customer-first. We recommend what you need — nothing more.

Compliance Requirements — 8 Domains

Solution Mapping Matrix: ISO 27001:2022 ISMS requirement → Raksha Domain Advisor mapping

ISMS domains (rows):
  A. Context/Leadership (clauses 4–5)
  B. Risk Assessment (clauses 6 and 8)
  C. Organizational controls (Annex A.5)
  D. People controls (Annex A.6)
  E. Physical controls (Annex A.7)
  F. Technological controls, part 1 (Annex A.8)
  G. Technological controls, part 2 (Annex A.8)
  H. Audit/Review (clauses 9–10)

Raksha advisor domains (columns): EDR, Email, NGFW, SIEM, ZT, IAM, DLP, Cloud, DevSec, Backup, GRC, Net, MDR
Implementation Roadmap

1. Gap Analysis (Weeks 1–4)
  • ISMS scope definition and context analysis (clause 4)
  • Gap assessment against ISO 27001:2022 clauses 4–10 and Annex A
  • Interested parties and their requirements identified
  • Current control inventory mapped to Annex A
  • Management commitment and resource planning

2. ISMS Design (Weeks 5–12)
  • Risk assessment methodology defined and first assessment executed
  • Risk treatment plan, with the necessary controls determined and compared against Annex A so that no necessary control is omitted
  • Statement of Applicability (SoA) with a justification for every included and excluded control
  • Policy and procedure documentation
  • Roles, responsibilities, and competency planning

3. Implementation (Weeks 13–24)
  • Technological controls deployed per the SoA
  • Organizational and people controls implemented
  • Physical security controls verified
  • Security awareness training programme launched
  • Incident management process operationalised, with records retained as audit evidence

4. Validation (Weeks 25–32)
  • Internal audit programme executed (clause 9.2); at least one full internal audit must be complete before Stage 2
  • Management review meeting held and minuted (clause 9.3)
  • Nonconformities identified and corrective actions tracked to closure (clause 10)
  • ISMS effectiveness measured against defined metrics (clause 9.1)
  • Stage 1 certification audit preparation

5. Certification & Maintenance (Ongoing)
  • Stage 1 audit (documentation and readiness review) followed by Stage 2 audit (implementation and effectiveness)
  • Annual surveillance audits in years 1 and 2 of the certificate cycle
  • Continual improvement cycle (Plan-Do-Check-Act)
  • Risk reassessment and SoA updates at planned intervals and after significant change
  • Recertification audit every 3 years
Impact Reference — ISO 27001:2022

  • Failure to achieve/maintain ISO 27001 certification → loss of business; many enterprise and government contracts require it
  • Minor non-conformities found during a surveillance audit → corrective action plan required within the certification body's deadline; certificate remains valid
  • Major non-conformities during a certification or surveillance audit → certificate not issued (initial audit) or suspended (surveillance) until they are closed
  • Failure to address corrective actions within the agreed timeline → certificate withdrawal
  • SEBI/RBI mandate non-compliance (where ISO 27001 is required) → regulatory penalties apply
Raksha Technologies · Cybersecurity Procurement Advisory · www.raksha.co.in