A tried and tested approach to ISMS construction and certification

  Have a question about ISO/IEC 27001, related standards, or about certification? Use our enquiry page to ask your question and we will do our best to answer it

Productised intellectual property-led IMS service

The IMS-Smart productised intellectual property-led IMS service consists of a unique blend of construction, review and training activities performed in accordance with a well-honed project plan and methodology. It is a service that is provided by us and our accredited franchisees around the world.

At the heart of this service is IMS-Smart On-Line. This acts as a repository for the documented information (i.e. documents and records) that you need to describe your implementation of the IMS-Smart architecture in which can we demonstrate conformance with one or more management system standards, such as ISO/IEC 27001 (information security), ISO 9001 (quality), ISO 22301 (business continuity) etc. Indeed, conformance to standards is most emphatically demonstrated through such records. Moreover, as a management tool, your records will be just "one click away" because of our use of hypertext.

Don't worry if you feel that your basic controls are inadequate, we can address that as the project proceeds.


Our approach to assisting your organisation to gain accredited certification is to construct an especially configured Integrated Management System (IMS), conforming to the particular ISO management system standards against which you wish to be certified and capturing your organisation’s policies, procedures and practices as they currently exist. This newly constructed IMS is then used to manage any changes or improvements that you then wish to make to those policies, procedures and practices.

The advantages of this approach are:

  • It is expandable to other management system standards, allowing you to gain additional certifications in the future
  • It uses a business risk management approach, allowing you to ensure that your use of the standards is proportionate to your business needs
  • Corrective actions and improvements to your existing policies, procedures and practices do not have to be completed before certification, as they are being managed in accordance with the relevant ISO management system requirements.

The project is conducted in four phases:

  • Phase A, in which we assist you to construct your Integrated Management System (IMS) and configure it in conformance with the particular standards that you seek (e.g., ISO/IEC 27001, ISO 9001 and/or ISO 22301)
  • Phase B, in which we assist you prepare it, and you, both technically and psychologically for certification
  • Phase C, in which we support you throughout the Initial Audit process leading to certification
  • Phase D, in which we will provide general support leading up to and including the first surveillance visit by the Certification Body.


There are five Project Milestones. They are:

  • M1-Contract award (immediately prior to the start of Phase A)
  • M2-IMS approved (at the end of Phase A, approval being given by your top management who are responsible for the IMS)
  • M3-IMS ready for certification (at the end of Phase B, the declaration being made by the chosen Certification Body Assessors at the conclusion of a pre-certification audit)
  • M4-IMS recommended for certification (at the end of Phase C, the recommendation being made by the Certification Body Assessors at the conclusion of the certification audit)
  • M5-IMS fully operational (at the end of Phase D, marked by the conclusion of the Certification Body’s first surveillance audit).

The mark of a successul IMS implemention is that you (the IMS Client) have the competence to proudly showcase your IMS to a certification auditor, without assistance from ourselves.

Contact us for further details and a quotation.