What is the difference between the CMI pre-certification and a traditional ISO 27001 readiness audit?


CMI pre-assessment is a general framework that examines your Information Security Management System in terms of policies, processes and, most importantly, their enforcement. Enforcement can rely on organisational policies, people, or technological and physical controls. The main advantage of a CMI assessment compared to a traditional readiness audit is that we take a look at the following categories in your ISMS:
- The technological enforcement inside multi-cloud environments.
- The overall security posture of the organisation as reflected by your ISMS.
- The language used to write the policies.
Meanwhile, a readiness audit will only examine the presence of policies and will not go deeper into their effectiveness, nor take a look at their enforcement. You may pass an ISO 27001 readiness audit with a low security posture. The CMI assessment will allow you to have a correct view of your weaknesses in both policies and their enforcement.
The ISO auditor is not an expert in technology, nor in security, but an expert in law. At CMI, we are not lawyers; we are security professionals with deep knowledge of systems and security and an understanding of the laws governing information security, one of which is ISO 27001.
ISO 27001 is not meant to be a boring set of laws that you need to be compliant with; it is meant to guide you towards improving your security and being resilient against cyber attacks.
If you want to know more about the process that we take in order to prepare you for the ISO 27001 audit, please contact us via email at: contact@certifymyisms.com.