Many organizations that desire ISO 27001 certification do not have the necessary personnel for knowledge transfer to maintain the ISMS or expand upon the scope of their ISMS. This requires the company to take one of two actions:
- Internal Management:
Hire and/or designate an internal employee to be trained to manage the ISMS. This internal management model requires the commitment of a full-time person (100% participation) for training during the ISMS implementation as well as dedicating future time and effort to adequately manage the certification requirements going forward. This may not be effective and efficient in terms of cost and time for many organizations. There is also no guarantee that the person trained will always be available to manage the ISMS and ISO 27001 certification requirements moving forward.
- Orange Parachute's Outsourced ISMS/ISO 27001 Managed Service:
Many organizations find it far more efficient and effective to simply empower Orange Parachute to act as the Outsourced Manager of the ISMS and ISO 27001 certification requirements. What this means is that Orange Parachute is responsible for managing the ongoing requirements of your Information Security Management System (ISMS) once we have implemented it and achieved ISO 27001 certification. This allows you to focus on your core business functions while Orange Parachute focuses on your efficient, effective, usable, and certified ISMS.
This service provides reassurance that your organization will not only maintain its ISO 27001 certification status but also gain the maximum benefit that this business improvement standard is designed for.
The one necessary component of this service is for your highest-level executive to empower Orange Parachute as your Outsourced ISO 27001 Provider.
ISO 27001 requires moving parts. Orange Parachute's ISMS / ISO 27001 Program Manager will provide services including the following:
- The Orange Parachute program manager will serve as the company advocate, point person, etc. for your ISMS.
- Your organization will hold weekly ISMS status meetings, and the notes will be emailed to the Orange Parachute program manager. The meeting minutes, status, and findings will be reviewed and responded to with additional questions, action items, etc.
- Once a month, a risk status report will be generated followed by a discussion (possibly verbal) as required between your organization and the Orange Parachute Program Manager.
- Twice a year we will come out for a bi-annual review.
- We will be onsite for certification, surveillance, compliance, or other information security audits as required.
- We will be available onsite and offsite (calls and email) as needed for any necessary consulting.
