Implementation
Build the ISMS scope, risk process, Statement of Applicability, policy set, control ownership, and evidence routines.
ISO 27001
CENIT helps medical-device, IVD, SaMD, and software teams build, document, and audit an ISO 27001-aligned information security management system.
Services
Implementation, gap assessment, internal audit, and certification-readiness support for teams that need a practical ISMS.
Build the ISMS scope, risk process, Statement of Applicability, policy set, control ownership, and evidence routines.
Compare current controls and records against ISO 27001 requirements before formal audit or certification work.
Review the ISMS, sample evidence, document findings, and define corrective actions.
Prepare the audit trail, management review inputs, corrective-action status, and external-audit handover.
Connect ISO 27001 work to SaMD, IEC 62304, IEC 81001-5-1, supplier controls, and QMS evidence when relevant.
Prepare practical responses for customer due diligence, security questionnaires, and partner reviews.
Scope
Scope is defined around implementation or audit support. Certification decisions remain with the certification body.
ISMS scope, risk assessment method, Statement of Applicability, policy and procedure drafts, control ownership, internal audit, management review inputs, and corrective-action tracking.
CENIT does not act as certification body, legal counsel, managed security provider, or penetration-testing provider unless separately scoped through a specialist partner.
Gap report, implementation plan, internal-audit report, corrective-action list, SoA inputs, policy drafts, and evidence checklist.
Method
Start with scope, then build or audit the ISMS against the evidence needed for review.
Confirm the organisation, services, locations, systems, products, and interfaces covered by the ISO 27001 work.
Review existing controls, records, responsibilities, risk treatment, supplier controls, and management review evidence.
Prepare the SoA inputs, policies, procedures, control records, audit trail, and corrective-action structure.
Support remediation planning, record updates, internal-audit closure, and certification-readiness review.
Next step
Send the current ISMS status, audit target, certification timing, and whether you need implementation support, internal audit, or readiness review.