ISO 27001


ISO 27001

ISO 27001 aims to protect information in all forms. Kratikal has a 5-phase approach that starts with determining the scope of work, followed by determining the ISMS objectives. This is followed by risk assessment and gap analysis, where we recommend and advise you additional security controls. Our detailed risk assessment includes all forms technical and non-technical infrastructure (People, Process and Technology)


Stage I: Scope Determination
Here we understand the business and ISMS context. We schedule meetings with all the decision makers at various levels (geography, departments, branches) to understand the business processes in great detail.

Stage II: Gap Analysis
It includes asset identification, risk assessment, and existing control identification. We map out existing and required security infrastructure of all business processes. We then determine the deviation from the necessary requirements and make action plans to fill the gaps.

Stage III: Implementation
In this phase we help implement a detailed list of compliance for the organisation. Every department, every team in the scope is provided with a list of security and access controls, communication channels, SOPs etc. We then conduct an efficiency check to determine the efficiency of the controls introduced.

Stage IV: Internal Audit
This phase is also called as the ISO27001 Pre-Audit. Under this phase we securely check whether the controls implemented and the processes introduced are being followed in the organisation. The tests check the level of ISO 27001 implementation as well as its adaptation in the organisation.

Stage V: Certification
Certification process is carried out by independent auditors, not by the implementers. We bring the auditor for the certification process. Thus, we take care of end to end process from scope determination to certification making the whole process easy for the client.

Depending upon the number of employees, scale of organisation, IT Assets and geographical spread, the exact duration of the process will vary.

For more details, you can drop a mail to Our customer facilitators will call you back.


Builds a culture of security.

Protects the company, assets, shareholders and directors.

Keeps confidential information secure.

Provides customers and stakeholders with confidence in how you manage risk. Allows for secure exchange of information

Allows for secure exchange of information.