ISMS Consulting and Guidance

Our professional consulting team offers ISMS consulting and guidance to help enterprises get certified to ISO 27001 and control information security risks by improving management processes.

ISMS services are required by competent authorities as well as laws and regulations, and are desired by enterprises that actively seek solutions to control their internal information security issues and sharpen their competitive edge in their industries. Through these services, an information security management system can be introduced through a process-based approach. An effective management system and risk management can identify internal and external threats and vulnerabilities, and effectively reduce and control them. In case of an information security incident, quick recovery and response can be ensured.

ISSDU's ISMS services are carried out by our information security consulting services team. Each of our consultants has more than eight years of consulting experience. The team provides guidance on getting certified to ISO 27001 for Level A, B and C government agencies, educational institutions, medical institutions, and general enterprises.

Enhance the information security management system
Reduce the risk of information security threats and vulnerabilities

ISMS Consulting and Guidance's Service Advantages and Benefits


Experienced Consulting Team

With rich experience in information security, all ISSDU information security consultants have provided guidance on management system certification for different organizations, and are able to offer solutions that fit the needs of customers.

Customized Guidance Planning

The information security management system needs to be flexibly adjusted according to the type of the customer organization. Our consultants provide guidance on making minimal changes through integration in accordance with different laws, regulations, and standard requirements.

Preventive Control of Information Security Risks

Introducing an information security management system provides effective preventive security controls that ensure the normal operation of important business functions, and builds the crisis management and response capabilities needed to respond quickly to information security incidents.

International Management Standards

We provide guidance, in line with the Cyber Security Management Act and the international standard ISO 27001:2013 (latest), on controlling information security risks through systematic processes and systems in order to achieve the goals of information security protection and continuous operations.

ISMS Consulting and Guidance Flow

01 Plan

02 Do

03 Check

04 Act

  • Situation Diagnosis and Gap Analysis
    Analyze the gap with international standards based on your organization's existing information security system, business operation characteristics, or document/form testing and bridge the gap through guidance.
  • Establishment of Information Security Management System
    Customize four-level information security documentation for your organization, including information security policies, management procedures, work instructions, documents/forms and records, by having interviews and understanding the business operation characteristics of your organization.
  • Risk Assessment and Management
    Identify threats and vulnerabilities of information assets, determine potential threats and their likelihood of occurrence, and produce risk assessment reports to effectively manage and reduce risks.
  • System Implementation Guidance and Internal Auditing
    Implement an overall information security system based on the four-level information security documentation, including business continuity plans (BCPs), training, and the execution records of relevant activities, review the implementation of the system through internal audits, and check the results.
  • External Auditing and Certification
    Cooperate with third-party certification bodies in performing Information Security Management System (ISMS) certification audits and obtain ISO 27001 Information Security Management System certification.

ISMS Consulting and Guidance FAQ


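How long does it usually take to implement an ISMS information security system?
It depends on the organization's needs: the implementation time varies with the scope, the number of systems, and the number of people, but it is generally completed in 7 to 8 months.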

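Currently BSI, SGS, TUV, AFNOR (艾法諾), 貝爾... and others.

Our consultants can assist with the evaluation according to customer needs, and can determine the scope of implementation through on-site interviews and on-site assessments. The scope generally covers the server room, application systems or services, and areas required by laws and regulations.

This can be arranged according to customer needs.

The ISO 27001 information security management system certificate is valid for three years, and a periodic review is required every year.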

ISSDU Provides You with Services that Fit Your Industry and Needs

We offer customized information security testing services.