ISO 27001

ISO 27001 implementation and audit support.

CENIT helps medical-device, IVD, SaMD, and software teams build, document, and audit an ISO 27001-aligned information security management system.

Services

ISO 27001 services.

Implementation, gap assessment, internal audit, and certification-readiness support for teams that need a practical ISMS.

Implementation

Build the ISMS scope, risk process, Statement of Applicability, policy set, control ownership, and evidence routines.

Gap assessment

Compare current controls and records against ISO 27001 requirements before formal audit or certification work.

Internal audit

Review the ISMS, sample evidence, document findings, and define corrective actions.

Certification readiness

Prepare the audit trail, management review inputs, corrective-action status, and external-audit handover.

Medical-device interface

Connect ISO 27001 work to SaMD, IEC 62304, IEC 81001-5-1, supplier controls, and QMS evidence when relevant.

Customer and supplier evidence

Prepare practical responses for customer due diligence, security questionnaires, and partner reviews.

Scope

What CENIT covers

Scope is defined around implementation or audit support. Certification decisions remain with the certification body.

Included

ISMS scope, risk assessment method, Statement of Applicability, policy and procedure drafts, control ownership, internal audit, management review inputs, and corrective-action tracking.

Boundaries

CENIT does not act as certification body, legal counsel, managed security provider, or penetration-testing provider unless separately scoped through a specialist partner.

Outputs

Gap report, implementation plan, internal-audit report, corrective-action list, SoA inputs, policy drafts, and evidence checklist.

Method

How the work runs

Start with scope, then build or audit the ISMS against the evidence needed for review.

01

Set ISMS scope

Confirm the organisation, services, locations, systems, products, and interfaces covered by the ISO 27001 work.

02

Assess gaps or audit evidence

Review existing controls, records, responsibilities, risk treatment, supplier controls, and management review evidence.

03

Build the evidence set

Prepare the SoA inputs, policies, procedures, control records, audit trail, and corrective-action structure.

04

Close findings

Support remediation planning, record updates, internal-audit closure, and certification-readiness review.

Next step

Start with ISO 27001 scope.

Send the current ISMS status, audit target, certification timing, and whether you need implementation support, internal audit, or readiness review.