Implement ISO 27001 in 6 Months
Our ISMS implementation workshop programme is designed to take your organisation from initial assessment to full ISO 27001 certification readiness in an accelerated 6-month timeframe.
The programme combines in-person and virtual workshops with the use of the ResGuard Compliance Manager (RCM) platform to automate documentation, policy management and evidence collection.
Why ISO 27001 in Colombia?
ISO 27001 adoption in Colombia is growing rapidly for multiple reasons:
- Financial regulator requirement — External Circular 007 of 2018 from the Financial Superintendence of Colombia (SFC) requires cybersecurity standards aligned with ISO 27001 for supervised entities
- Competitive advantage — Certification differentiates your company in public and private tenders, especially with government entities
- Complement to Law 1581 of 2012 — A robust ISMS strengthens personal data protection compliance and demonstrated accountability before the SIC
- CONPES 3854 — The National Digital Security Policy promotes the adoption of international standards such as ISO 27001
- Client confidence — Demonstrates commitment to security for national and international clients
Programme Structure — 6 Months
Month 1 — Assessment and Planning
- Workshop 1: Introduction to ISO 27001 and gap analysis
- ISMS scope definition
- Identification of interested parties and Colombian legal requirements (Law 1581, External Circular 007 SFC)
- RCM platform configuration for your organisation
Month 2 — Risk Management
- Workshop 2: Risk assessment methodology
- Information asset identification and classification
- Threat and vulnerability analysis
- Risk treatment plan development
Month 3 — Policies and Controls
- Workshop 3: Security policy development
- Implementation of applicable Annex A controls
- Statement of Applicability (SoA)
- Information security policy and derived policies
Month 4 — Operational Implementation
- Workshop 4: Operational security procedures
- Access and identity management
- Business continuity plan
- Incident management procedure
Month 5 — Training and Awareness
- Workshop 5: Security awareness programme
- Key personnel training
- Phishing simulations and security testing
- Evidence collection and documentation in RCM
Month 6 — Internal Audit and Preparation
- Workshop 6: ISMS internal audit
- Management review
- Non-conformity remediation
- Full preparation for external certification audit
What Does the Programme Include?
- 6 expert-led workshops — 4-6 hour sessions with a certified ISO 27001 Lead Auditor consultant
- 12-month RCM licence — Full access to the ISMS management platform
- Templates and documentation — Complete kit of policies, procedures and records
- Inter-workshop support — Unlimited email queries and fortnightly follow-up meetings
- Internal audit — Conducted by our team as certification preparation
- Readiness report — Final assessment of certification readiness
Expected Outcomes
Upon completion of the 6-month programme, your organisation will have:
- A fully documented and operational ISMS compliant with ISO 27001:2022
- All required evidence organised in the RCM platform
- Staff trained in information security management
- Full preparation for certification audit by an accredited body