Gamma’s services at a glance

We are information security consultants. One of our main areas of expertise is Information Security Management Systems, and much of this web site is a free resource about developing and using such systems. Other pages explain the history, context and content of the related International Standards, ISO/IEC 27001 and 27002. This page tells you about our ISMS services.


An Information Security Management System, or ISMS for short, is an excellent way to manage information security, thereby ensuring confidentiality, integrity and availability of the information that your organisation stores and processes. ISO/IEC 27001 is a specification for an ISMS and ISO/IEC 27002 is a Code of Practice for information security controls. Both standards represent best practice and in today’s interconnected world with cloud services and such like, conformance with 27001 is becoming an imperative, and is often demanded of suppliers by their corporate customers.


So, if you are interested, how close are you to meeting the requirements of ISO/IEC 27001? To find out, Gamma can perform a gap analysis for you.

Once you know, we can help you to develop your own ISMS capability and achieve certification. There are three ways in which this can be done:
  • Consultancy: We can help you with policy, risk assessment/risk treatment, the Statement of Applicability, implementing controls, internal audit, staff training and much, much more.
  • Build your ISMS: We will help you to build your ISMS and achieve certification.

Once you have your certificate, the work isn’t of course over, as the ISMS is your new way to manage information security and there will be surveillance audits and triennial assessments to come. We can help you, throughout the lifetime operation of your ISMS, even if you haven’t hired us before, in providing our ISMS consultancy and managed services as described above.

However, there are three other ISMS services that we have for you:
  • Health check and tune up: We will review your ISMS and tell you how you get the very best out of out. We will then tune it, making it more efficient and more effective in accordance with our recommendations.
  • Transition to ISO/IEC 27001:2013: New versions of ISO/IEC 27001 and 27002 were published in October 2013. We can help you plan a transition from the 2005 versions of these standards in an orderly and efficient way.
  • Management system integration: We can help you integrate your ISMS with other management systems that you might have, such as ISO 9001 and ISO 22301, or establish an integrated management system capability from scratch.

If you would like more information on these services, or you would like to find out what else we can do for you, please contact us - we’d be happy to help.