
ISO27001 Services

If you are developing, operating, or providing a system for the Australian government or its agencies, we can help. 

What is ISO27001?

ISO27001 is a globally recognised standard for Information Security Management Systems (ISMS). It provides a framework of policies, procedures and controls to help organisations protect their information assets from various threats and risks. It is one of the information security standards recognised by the Defence Industry Security Program (DISP), and one of the few information security standards for which independent certification is available.


In addition, ISO27001 is a very useful framework to use as a management layer, which can be used with a range of technical security standards which may be in use in different components of your technology environment.


The ISO27001 services offered by De Stefano & Co include:

ISO27001 Gap Analysis

Our ISO27001 gap analysis service will assess your current state ISMS against the requirements of the standard and identify any areas that require improvement, and/or areas of non-conformance.


This service will be undertaken in the following sequence:

  • Understand the scope and objectives of your ISMS and the applicable legal and regulatory requirements;

  • Conduct a comprehensive gap analysis of your ISMS and provide you with a detailed report of the findings and recommendations; and

  • Develop a tailored action plan to address the gaps and improve your ISMS in line with the standard.

In performing these services, we will ensure that any advice we give you about the implementation of technical and procedural controls is appropriate for your risk environment, leverages your existing security plans and processes, and is relevant to your operating context.

ISO27001 Implementation Services


De Stefano & Co offer an implementation service for your organisation to establish the information security management system and support you in your journey toward certification. These services follow on from our ISO27001 gap analysis service, and our experienced team will provide the following as part of an implementation engagement:

  • Develop and implement the policies, procedures, and controls that are required for an effective ISMS;

  • Provide training and awareness to your staff on the ISMS and the ISO27001 requirements;

  • Perform an internal audit and a mock external audit to prepare you for the certification process; and

  • Support you throughout the ISO27001 certification process.

ISO27001 Maintenance and Support


We offer a maintenance and support program similar to our unique Ongoing Compliance Assurance (OCA™) Program that we provide to DISP members.


Once you have established your ISMS, it is not a case of "set and forget". Security requires ongoing effort to ensure that the processes and controls you have established continue to operate effectively, and remain suitable and appropriate to your operational circumstances and threat environment.

We can reduce this burden for you by providing ongoing support which gives you access to the expertise of our highly skilled security team.

Depending on the size, complexity and risk profile of your organisation, we will establish a support program tailored to your needs to ensure that your ISMS remains effective, assisting you to maintain your ongoing certification.


Some of the ongoing support measures may include:

  • Maintenance and update of security policies and procedures

  • Regular reviews of your risk registers when your organisation’s operating context changes, e.g. new clients, capabilities, systems and/or threats

  • Internal audit of your ISMS procedural and technical controls

  • Project and/or systems level security assessments

  • Assistance and support in the management of security incidents

By engaging our team to support you with one of our ISO27001 services, your organisation will benefit from:

  • Improved information security awareness and culture within your organisation

  • Enhanced protection of your information assets and reduced exposure to cyber threats and incidents

  • Increased trust and confidence from your customers, partners and stakeholders

  • Competitive advantage and market differentiation in the defence sector and other regulated industries

  • Compliance with international best practice and industry standards

Why work with De Stefano & Co?


We have an experienced and professional team who have worked with all manner of organisations, ranging from global technology firms, government departments and highly regulated industries, through to specialist engineering and manufacturing firms. We are committed to making our clients’ security journey as painless as possible by providing tailored and practical security solutions which are effective, achievable and don’t slow your business down.

Are you ready to get started, or want to learn more? Contact our team today.