Orange Parachute follows a four-phase process when developing an Information Security Management System (ISMS).

Phase 1: Information Security Assessment
Following an assessment of the organization's existing information security program and its conformance to the ISO 27001 standard, Orange Parachute prepares a gap analysis which shows the presence of information security controls while documenting the maturity level of those controls.

Phase 2: Developing an Information Security Management System
Orange Parachute consultants define the proper structure of the Information Security framework. This phase also includes empowerment of the program, organization of existing program elements, closure of control gaps, and development of other necessary program elements. If certification is the desired end result, an informal scope is determined, the certification body is selected, and a rough timeline is communicated.

Phase 3: Implementing the Information Security Management System
Orange Parachute facilitates implementation of Information Security Management program elements while helping to manage organizational change using a structured but flexible approach.

Phase 4: Pre-Certification of an ISMS
Orange Parachute assists the organization in completing the necessary steps for ISO 27001 certification of the Information Security Management System and the audit is scheduled.

 Information Security Management System Framework

 Information Security Management Model