Home | About Us | Services | Clientele | Recognition | Media | Contact Us | Careers | Site Map
Quality Systems Consulting Services
This includes providing Quality Systems Advisory Services to qualify businesses against the requirements of international quality systems:
Quality Systems Consulting Services
ISO 9001
ISO 14001
BS OHSAS 18001
ISO 22000 / HACCP
ISO 22301
ISO 27001
ISO 31000
Quality Systems FAQs
Other Quality Systems Services
Economic Consulting Services
Management Consulting Services
Training Services
ISO/IEC 27001:2013 Information Security Management System (ISMS) Standard
Global Consultants (GC) Company provides diversified ISO 27001 services in Kuwait:
a. Assist companies in meeting standard requirements, and design appropriate controls as needed.
b. Train staff on the standard requirements, mechanism of implementation, and internal audit training principles
c. Coordinate with reputable accredited certification bodies for granting certificates
d. Provide support in maintaining appropriate and effective implementation during the certificate validity (3 years)
In light of the current technology advancement, information assets became one of success factors for any organization. By achieving ISO/IEC 27001 information security management systems certification your company will be able to reap numerous and consistent benefits, such as:
Manage and minimize risks exposure related to information assets through designing the best and most economical internal controls that are commensurate with the business environment and volume
Protect the company, assets, shareholders and directors
Keep confidential information secure
Reduce the cost of re-creating databases and automated systems in case of loss or penetration.
Ensure business continuity in crisis situations
Provide customers and stakeholders with confidence in how you manage risks associated to information assets
Allow for secure exchange of information
Allow to ensure meeting your legal obligations and contractual terms with customers, hence, reduce legal risks related to confidentiality violation and data leakage
Help to comply with regulatory compliance requirements such as Capital markets Authority (CMA), and Central bank of Kuwait (CBK) on maintaining the security and confidentiality of customer data
Provide a competitive advantage
Enhanced customer satisfaction that improves client retention
Maintain consistency in the delivery of your service or product through establishing documented policies and procedures based on risk assessment and developing systems to address potential risks
Raise awareness among employees within the business entity on the concept of Information Security Management
Increase the effectiveness and efficiency of the information security operation and management, thus saving time and resources through activating the process engineering
Build a culture of security
Therefore, business entities (banks / companies / government bodies) have become in a dire need to implement information security management systems due to the sensitivity and seriousness of information being circulated through such systems. It has become imperative for business entities to seek international ISO 27001 consultation and certification, which reflect the integrity of the system applied in accordance with international standards in this context.
Details of obtaining ISO 27001 certificate on information security management system (ISMS), will be presented according to the style of the Frequently Asked Questions (FAQ) as follows:
1- What are ISO 27001 Information Security Management System (ISMS) standard requirements?
  ISO 27001 Information Security Management System (ISMS) standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the business entity’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual businesses.
2- What are the entities that need to be qualified against the ISO 27001 standard?
Oil companies
Government agencies
Public shareholding and closed companies (in all sectors, such as telecommunications companies, hospitals, etc.)
Privately owned companies and large individual organizations
Non-profit organizations (NGOs)
International and regional organizations
3- What is the starting point for any business that decides to proceed on implementing ISO 27001 Information Security Management System (ISMS) Standard?
  Simply, you can approach ISO 27001 consulting company, i.e. Global Consultants Company, where you will be in contact with accumulated practical experience and a team of qualified experts who are holders of specialized certifications such as ISO 27001 Lead Auditor. Such expertise provides Global Consultants Co. with a competitive edge over the competition and allows us to qualify various businesses for certification against ISO 27001.
4- What is ISO 27001 consultancy role played by Global Consultants as a consulting company in qualifying a business for certification against ISO 27001?
  Global Consultants company in Kuwait offers ISO 27001 consultancy services in this area according to the following phases:
Phase I : Analysis of the gap between the current situation and the ISO 27001 Information Security Management System (ISMS) standard requirements.
Phase II : Documenting the system according to the ISO/IEC 27001:2013 Information Security Management System (ISMS) standard requirements.
Phase III : Supervising the system implementation.
Phase IV : Internal audit and management review.
Phase V : Training on the principles of ISO 27001 standards.
Phase VI : Following-up with the Certification Body.
Phase VII : System Maintenance during the Certification validity.
5- What is the relationship between information security system and information risk management and internal control systems?
  The information security system, according to the requirements of the ISO 27001 Information Security Management System (ISMS) standard requirements, is based on the following:
A. Information Asset Identification
B Risk assessment
C. Developing risk treatment plan by designing a set of Internal Controls that are commensurate with the nature and volume of business.
D. Residual risk assessment and monitoring.
E. Internal Controls performance assessment.
6- How long does it take a consulting company to qualify a business for certification against ISO 27001standard?
  The period required for consultation to qualify a business entity for certification against this standard ranges from 3 to 12 months, depending on the outcome of Phase I above, i.e. analyzing of the gap between the current situation and the ISO 27001 standard requirements.
7- What is the Certification Body? What is the role played by them in certifying a business entity against ISO 27001 standard?
  The Certification Body is an internationally accredited entity that pursues the process of independent external audit and the system implemented by the business entity. The role of the Certification Body is limited to auditing the system that was created by the business entity in accordance with the ISO 27001 standard requirements. If the audit results in the system compliance with those requirements, the business entity shall be certified against ISO 27001 Information Security Management System (ISMS) standard.
8- What are the International Accreditation Bodies?
  Each certificate issued by the certification body must be approved by an international accreditation body. The accreditation bodies are often governmental or non-profit agencies working to develop standards for audits to be done by the certification body to ensure their commitment to quality service. Examples of accreditation bodies include the United Kingdom Accreditation Service (UKAS), the American National Standards Institute (ANSI), among others.
9- What is the validity period of the ISO 27001 certificate obtained by a business entity?
  The Certificate is valid for three years from the date of successfully passing the audit by the Certification Body.
10- Does the certification body perform any periodic audits during the validity of the certificate? Is this optional or mandatory?
  Yes, the certification body performs mandatory periodic audit throughout the validity of the certificate, once or twice a year, depending on the certification body’s estimation of the size of information security management system maintained by the business entity.
11- Does the consultancy service provider have any consulting role to offer to the business entity during the certificate validity period?
  This depends on the needs of the business entity itself. However, based on our experience with many business entities, commitment of the consultancy service provider in providing their services to internal audit team and to all organizational units on the implementation mechanisms ensures the effective implementation of the system and minimizes the chances of non-compliance with the ISO 27001 requirements. Non-Compliance may result in withdrawing the certificate. Even if valid in the period, withdrawal of the certificate requires the business entity not to use the certificate or its trademark and to discontinue disclosing its validity to any third party. Otherwise the entity shall be subject to legal accountability in this regard.
12- When the certificate expires, how is ISO 27001 Certification renewed?
  Upon expiry, a substantial audit of the system shall be conducted again to ensure its safety and comprehensive updating. If the audit results in the system compliance with the requirements, the certificate shall be re-issued to be valid for another three year period.
13- Does Global Consultants offer any ISO 27001 training courses?
  Yes, Global Consultants provides three types of ISO 27001 training courses on Information Security Management System (ISMS) standard, as follows:
A. ISO 27001 awareness training courses on the requirements of Information Security Management System (ISMS) standard. These courses are designed in the form of specific hours a day to fit the work system at the business entity.
B "ISO 27001 Internal Auditor" training courses, which are delivered over periods of three days, from 8:00 a.m. to 5:00 p.m., and end with an exam administered by Global Consultants.
  Accredited "ISO 27001 Internal Auditor" training courses, which are delivered over periods of three days, from 8:00 a.m. to 5:00 p.m., and end with an exam by a certification body.
C. Accredited “ISO 27001 Lead Auditor" training courses, which are delivered over periods of five days, from 8:00 a.m. to 5:00 p.m., and end with an exam administered by a certification body
If you require any further information not mentioned in the above questions, kindly contact our Business Development Department and we would be happy to answer all your queries regarding ISO 27001 information Security Management System (ISMS) Standard.
Tel: +965 1828283
Fax: +965 2294 2649
  Contact Us