logotype

How It Works

01

SCOPE DETERMINATION

Here we understand the business and ISMS context. We schedule meetings with all the decision makers at various levels (geography, departments, branches) to understand the business processes in great detail.

02

GAP ANALYSIS

It includes asset identification, risk assessment and existing control identification. We map out existing and required security infrastructure of all business processes. We then determine the deviation from the necessary requirements and make action plans to fill the gaps.

03

IMPLEMENTATION

In this phase we help implement a detailed list of compliance for the organisation. Every department, every team in the scope is provided with a list of security and access controls, communication channels, SOPs etc. We then conduct an efficiency check to determine the efficiency of the controls introduced.

04

INTERNAL AUDIT

This phase is also called as the ISO 27001 Pre-Audit. Under this phase we securely check whether the controls implemented and the processes introduced are being followed in the organisation. The tests check the level of ISO 27001 implementation as well as its adaptation in the organisation.

05

CERTIFICATION

Certification process is carried out by independent auditors, not by the implementers. We bring the auditor for the certification process. Thus, we take care of end-to-end process from scope determination to certification making the whole process easy for the client.

Trusted by International Brand

ISO 27001

We Help Your Organization Become ISO 27001 Compliant

ISO 27001 aims to protect information in all forms. Kratikal has a 5-phase approach that starts with determining the scope of work, followed by determining the ISMS objectives. This is followed by risk assessment and gap analysis, where we recommend and advise you additional security controls. Our detailed risk assessment includes technical and non-technical infrastructure.

Leave us massage

How May We Help You!

      Service Request Form

      Select Service(s) You Want:

      Information & cyber security program strategy & roadmapEnterprise & cyber security risk assessment & managementThird party risk managementVirtual CISO serviceCyber security awareness programPhishing simulation programThreat modelingUser access governance & certificationIncident management and response planISO 27001/22301/27701/9001RBI master directionNHB cyber security guidelinesIRDAI cyber security guidelinesNIST FrameworkSOC1/SOC2Data localization as per RBI circular of storage of payment system dataCIS frameworkInternal audit managementCloud assessment as per CISDesigning cloud security architectureCSPM security monitoringGap assessment as per applicable guidelinesNetwork architecture reviewFirewall rule reviewFirewall configuration reviewSystem hardening checksVulnerability assessment program managementWeb application penetration testingMobile application penetration testingInfrastructure vulnerability assessmentAPI vulnerability assessmentAPI fuzzingRed teaming ExerciseData protection advisoryData flow diagramDigital personal data protection acData protection controls implementationData discovery and classificationDesigning of data protection policyData governance programDigital personal data protection acGap assessmentArticulation of policy and proceduresISO 27001/22301/27701/9001, PCI-DSS, SOC1/SOC2, COBIT, COSO, HIPPA, RBI, IRDAI, NIST, Data Localization, CISGRC tool implementationArticulation of BCP plan and strategyCrisis management planBCP/DR planning and implementationImplementation of BCMS standard (ISO 22301)Conducting actual and tabletop DR drillsFunctional recovery planGRC resource deployment onsite/offsiteSecurity services resource deployment onsite/offsite

      Contact Details:

      Name (required):

      Organization Name (required):

      Email (required):

      Contact No (required):

      Detail about the requirement (optional):