ISO 27001 / ISO 27011 Compliance Advisory Service is a NourNet grc services offering that provides advisory and assessment support for information security controls aligned with ISO 27001 / ISO 27011 requirements. The service is delivered using the commercial model “One-Time” and measured by “Service”. It can be combined with relevant NourNet cloud, connectivity, cybersecurity, data-center, managed and professional services to form an end-to-end solution. Final sizing, architecture, price, service levels and responsibilities are confirmed through the approved quotation and service schedule.
ISO 27001 / ISO 27011 Compliance Advisory Service
Contact Sales
Advisory and assessment support for information security controls aligned with ISO 27001 / ISO 27011 requirements.
Service Information
- Unit
- Service
- Billing Model
- One-Time
- Minimum Contract
- One-time order or project engagement
- SLA
- Milestone-, deliverable- and response-based service levels defined in the statement of work
- Activation Time
- Project kickoff typically within 5–10 business days after purchase order and scope confirmation
- Region
- Saudi Arabia
- Data Residency
- Saudi Arabia
Key Features
- Structured assessment against the applicable framework or regulatory requirement
- Gap analysis, risk prioritization and actionable remediation roadmap
- Evidence, policy and governance support tailored to the customer environment
- Executive and technical reporting with clear ownership and recommendations
- ISO 27001/27011 control-alignment assessment
- ISMS documentation, evidence and certification-readiness guidance
- Description
- Service Details
- Additional information
- Service Scope
- Prerequisites
- Exclusions
- Compliance
Service Details
ISO 27001 / ISO 27011 Compliance Advisory Service is a NourNet grc services offering that provides advisory and assessment support for information security controls aligned with ISO 27001 / ISO 27011 requirements. The service is delivered using the commercial model “One-Time” and measured by “Service”. It can be combined with relevant NourNet cloud, connectivity, cybersecurity, data-center, managed and professional services to form an end-to-end solution. Final sizing, architecture, price, service levels and responsibilities are confirmed through the approved quotation and service schedule.
| Unit | Service |
|---|---|
| Billing Model | One-Time |
| Source Category | GRC Services |
| Region | Saudi Arabia |
| Data Residency | Saudi Arabia |
Service Scope
- Kickoff and stakeholder workshops
- Current-state assessment and evidence review
- Gap and risk analysis
- Recommendations, roadmap and agreed deliverables
Prerequisites
- Approved purchase order and final technical/commercial scope
- Authorized customer contacts and timely access to required information
- Completion of security, connectivity and access prerequisites
- Customer approval of the service design and responsibility matrix where applicable
- Named stakeholders and framework scope
- Availability of policies, evidence, risk records and process owners
Exclusions
- Items not explicitly listed in the contracted scope
- Third-party licenses, subscriptions or hardware unless specifically quoted
- Customer application changes, remediation or data cleansing unless included
- On-site activities, after-hours work or travel unless explicitly included
- Formal certification issuance by an independent certification body
- Implementation of remediation controls unless separately scoped
Compliance
- Framework mapping and compliance deliverables are limited to the contracted advisory scope
- Customer management retains accountability for risk acceptance and regulatory decisions
- Supports alignment with ISO/IEC 27001 and ISO/IEC 27011 controls; certification remains subject to an accredited certification body
