What is the ISO 27001 CMI pre-certification?


CMI stands for Certify My ISMS, a pre-certification that companies pursue before getting ISO 27001 certified by an external auditor. It allows them to find any issues with their ISMS in a cost-effective manner before committing to a more financially demanding ISO 27001 external audit.
CMI allows bigger organizations to have an external expert look at their overall security posture, their processes and policies, and the implementation and enforcement of these, either on their premises or in the cloud. CMI takes a look at the implementation inside endpoints, servers, SaaS and AI tools, as well as traditional non-technical information security processes such as the security of the HR process.
To get you secure before your next information security audit, we use the following three business processes:
1- CMI Bronze process: The Bronze process is designed to make you ready for your next ISO 27001 audit. It takes a look at your business processes and ISMS policies, performs a diagnostic, generates a report, suggests corrections, applies the suggested corrections and creates a Bronze version of your Information Security Management System. The new version is created by an experienced human security consultant.

2- CMI Gold process: The Gold process follows the Bronze process and is complementary to it. It first performs the Bronze process, then takes a look at the implementation of the policies and business processes inside your on-premises, public cloud and multicloud environments. In this step, we either need access to your infrastructure or need to collaborate with your IT personnel. This process is performed by one of our experienced security engineers, as well as an Artificial Intelligence Security Agent (AI-SA) whenever possible.

3- CMI Diamond process: The Diamond process is the one that allows you to get a CMI certification. It is the combination of the Gold process with the CMI certification process: it first performs an analysis of your ISMS, then takes a look at the implementation inside your infrastructure, and then performs an audit, which usually takes a day, where some key personnel are questioned. This process allows you to improve your security posture and to make sure that you are ready for your next audit.

Do you want to know more about one of the three CMI processes? Do you have questions specific to your business? Get in touch with us via email: contact@certifymyisms.com.