ISO/IEC 27001:2022 Consulting

Ethic Ninja is registered with ASPI (security testing STT 048/2024, IT audit STT 091/2024) and BSSN (SMPI.LK.9/BSSN/D1/PS.02.01/08/2022), and is a CREST Pathway+ member (Org ID 09970976).

Why ISO/IEC 27001:2022?

The 2022 edition updates the international standard for Information Security Management Systems (ISMS), including 11 new controls for modern threats—threat intelligence, cloud security, data masking, and more.

• Client & partner trust — competitive advantage in tenders and multinational partnerships
• Regulatory alignment — supports OJK, Bank Indonesia, BSSN, and contract requirements
• Structured risk management — right-sized controls via formal risk assessment
• Continuous improvement — PDCA cycle keeps security evolving with threats

Our Services

• ISMS scope planning and gap assessment
• Policy and procedure (SOP) development
• Risk assessment and Statement of Applicability (SoA)
• Awareness training for staff
• Internal audit and management review support
• Certification audit simulation and Stage 1 & 2 accompaniment
• Remediation planning through certification

Five-Phase Methodology

1. Planning — scope, kick-off, required documentation
2. Analysis — interviews, gap & risk assessment
3. Execution — SoA, policies, awareness training
4. Pre-certification — internal audit, management review, mock audit
5. Certification assistance — Stage 1 & 2 with your chosen certification body

Deliverables

Gap assessment report, ISMS scope & context documents, security policies, SOPs, training materials, internal audit & management review reports, risk assessment report, and draft SoA.