Here at CAW Consultancy Business Solutions we pride ourselves on being the most cost effective business solution in the UK, providing 
a range of services for example ISO 9001, ISO 14001, OHSAS 18001 and all other British standards. We are now proud to annouce that
we have launched a new range of bespoke paperless management systems and software - call now for a no obligation Quote.

CAW Consultancy Business Solutions Ltd  

Affordable, Straight talking Consultancy with a Twist 

ISO 27001 - Information Security

ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardisation (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2013 - Information technology -- Security techniques -- Information security management systems -- Requirements but it is commonly known as "ISO 27001". 

ISO/IEC 27001 requires that management:
  • Systematically examine the organisation's information security risks, taking account of the threats, vulnerabilities and impacts;
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

ISO/IEC 27001:2013 is intended to be suitable for several different types of use, including the following:
  • se within organisations to formulate security requirements and objectives;
  • use within organisations as a way to ensure that security risks are cost effectively managed;
  • use within organisations to ensure compliance with laws and regulations;
  • use within an organisation as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organisation are met;
  • definition of new information security management processes;
  • identification and clarification of existing information security management processes;
  • use by the management of organizations to determine the status of information security management activities;
  • use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organisation;
  • use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
  • implementation of business-enabling information security;
  • use by organisations to provide relevant information about information security to customers.

How to achieve ISO 27001 certification – ISO 27001 implementation / Certification steps

CAW Consultancy Business Solution Ltd offers a well defined and globally proven implementation methodology for ISO 27001-2013 certification. 

  • Gap Analysis
  • Awareness Training
  • Risk analysis
  • Documentation Design and finalisation
  • Implementation
  • Internal Auditor Training and conduct of internal audit
  • Management Review Meeting
  • Review of Implementation
  • Pre-assessment audit
  • Stage 1 – certification audit
  • Stage 2 – certification audit
  • Award of ISO 27001 certification
  • Continual improvement of the system through value added consulting and training services

ISO 17020 - Inspection Standard

This International Standard specifies general criteria for the competence of impartial bodies performing inspection irrespective of the sector involved. It also specifies independence criteria. This standard is intended for the use of inspection bodies and their accreditation bodies as well as other bodies concerned with recognizing the competence of inspection bodies 

Benefits of ISO 17020 Accreditation
  • Uniformity in execution and reporting method for the people carrying out the activity.
  • Reduced penalty in case of disputes
  • Meeting the accreditation requirements
  • Reduced customer complaints
  • Proof of conforms to specified requirements

How to achieve ISO 17020 - Accreditation / implementation steps

CAW Consultancy Business Solutions offers a well defined and globally proven implementation methodology for ISO 17020 certification.

  • Gap Analysis
  • Awareness Training
  • Documentation Design and finalization
  • Implementation
  • Internal Auditor Training and conduct of internal audit
  • Management Review Meeting
  • Review of Implementation
  • Pre-assessment audit
  • Stage 1 – certification audit
  • Stage 2 – certification audit
  • Award of ISO / IEC 17020 Accreditation
  • Continual improvement of the system through value added consulting and training services

We Offer knowledge moulded locally to bring in the best results for our clients and partner their journey of standardization, compliance, growth, success and continual improvements.

  • Conduct an initial gap analysis
  • Help you establish policies and objectives
  • Identify documentation requirements
  • Make assignments and prepare schedules
  • Prepare documentation
  • Coordinate document preparation, reviews, approvals, and production
  • Prepare the following key documents:

Quality PolicyQuality ManualProceduresMaster List of Documents
  • Manage implementation schedules, training, follow-up actions
  • Help you select a Registrar that has experience in your industry
  • Prepare status reports and monitor progress
  • Conduct training
  • Conduct internal audits
  • Request registration
  • Conduct vendor and supplier audits
  • Conduct customer satisfaction surveys
  • Develop quality system intranets to help you manage your documents

ISO 22301 - Business Continuity 

We provide ISO 22301 consulting, implementation, audit and certification support. This includes a phase wise approach that involves understanding business context to business continuity, business impact analysis (BIA), risk assessment, exercise and testing, detail recommendations, policy/documentation support, training, coaching employees/teams, coaching business continuity managers, audit and management review leading to successful zero defect ISO 22301 certification.


BCMS is the organizations' capability to respond post a crisis within a pre-determined response time. BCMS is not how you prevented crisis but more importantly what you will do post crisis. Crisis can be described in several outage scenarios but chiefly they can combine people outage or unavailability, physical site, communication or technology, and/or vendor unavailability. Setting up BCMS involves understanding business and its requirement for recovery expressed in unit of time. In addition, it also involves business continuity decisions on architecture, definition, documentation, implementation, measurement and audits. The most important feature of BCMS is testing your plans - because your business continuity is as good as it is tested.


The standard is divided into 10 following clauses. For ISO 22301 certification only Clause 4 to 10 is applicable.

Clause 1 – Scope
Clause 2 – Normative References
Clause 3 – Terms and definitions
Clause 4 – Context of the organization
Clause 5 – Leadership
Clause 6 – Planning
Clause 7 – Support
Clause 8 – Operation
Clause 9 – Performance Monitoring
Clause 10 – Improvement

Upon ISO 22301 certification what should happen in the organisation?

An organisation getting ISO 22301 certification has the following key strengths:

  • A business continuity policy signed by the top management typically CEO.
  • Identification of core business activities including products, services and support functions whose unavailability is simply not acceptable to business
  • A formal risk assessment process – which shows your single point of failures - be it team, technology, site or vendors.
  • Documented plan of restoration in each aspect of your continuity. You will have event - wise plans and outage wise plans. 
  • Each plan is tested and the learning of the test is documented for next testing. A test makes the organisation more resilient and provides a sense of assurance.
  • Trained manpower to carry out there business continuity function
  • A dashboard that goes from business continuity management team to top management explaining how business continuity is performing
  • An annual BCMS plan that shows the BCMS activities that involves design, implementation and audits.
  • Reduction in enterprise risk insurance premium.