How Cyber Steps works

Coaching Services

We understand that every business is at a different stage of the ISO 27001 journey. That’s why we will meet you where you are with bespoke coaching from one of our cyber risk experts that’s customisable depending on your budget, stage and business size. Our team of cyber risk experts are here to equip you with the knowledge and skills you need to go out and earn your ISO 27001.

Cyber Checkpoint

$250


1-Hour ISO 27001 Implementation Consultation Session:

  • Cover a single ISO 27001 control area, or your greater cyber risk management strategy.
  • Receive tailored recommendations and concise, valuable guidance in a focused session.
Cyber Navigator

$800


4-Hour Coaching Package for ISO 27001 Implementation:

  • Choose from 4 x 1-hour sessions, 2 x 2-hour workshop sessions, or a mix.
  • Tailor each session to cover what matters most to you.
  • Adjust the format and topics as your needs evolve.
  • Learn with us then take the coaching back to your team.
Cyber Expedition

$1,500


8-Hour Coaching Package for ISO 27001 Implementation:

  • Choose from 8 x 1-hour sessions, 4 x 2-hour workshop sessions, or a mix.
  • Tailor each session to cover what matters most to you.
  • Adjust the format and topics as your needs evolve.
  • Learn with us then take the coaching back to your team, or mix it up.
  • Cost-effective choice for moving through the implementation faster.

Your ISO 27001 journey, your way

Experience personalised coaching driven by your business needs. We don't believe in cookie-cutter processes. We offer bespoke coaching services designed to meet you exactly where you are on your ISO 27001 journey. Whether you're just starting out, in the midst of the process, or looking for that final push, our team of cyber risk experts is by your side. 

Our approach is clear: we're not here to hand you a certification; we're here to empower you to go out and earn it. We’ll give you the knowledge and confidence needed to navigate the ISO 27001 implementation process and strengthen your organisation's cybersecurity posture.

Set Goals

Work with our experts to outline what you want to achieve for your business.

Teamwide Impact

Share insights with your team for collective knowledge transfer.

Flexible Format

Determine the format and pace, and feel free to change it at any time.

Policy Support

Talk to us about your business and we’ll help you design policies that incorporate best practice and what’s practical for your business. 

Support Services

If you’re looking for more specific assistance with your ISO 27001 framework, audits, team training or ongoing maintenance, talk to us about our additional support services.

ISO 27001 Baseline Review

Understand what’s ahead of you before you begin ISO 27001 implementation. 

  • We’ll conduct a gap analysis to assess your current security posture against the ISO 27001 standard.
  • Understand the amount of work required to align fully with the standard so you can plan ahead.
  • Receive a comprehensive report with an executive summary and indicative Statement of Applicability.
  • Bespoke pricing.
ISO 27001 Internal Audit

Outsource your mandatory ISO 27001 internal audits to ensure they are conducted correctly.

  • We will plan and undertake your audits so that they are conducted correctly and help you maintain an effective ISMS.
  • Bespoke pricing
ISO 27001 Pre-audit Assessment and Coaching

Get peace of mind with expert input and review of your mandatory policies and information security management system (ISMS) before your certification audit. We will:

  • Review your ISMS, identify any gaps and help you give it a final polish.
  • Provide you with audit coaching: guidance on what to expect and the types of audit questions to anticipate.
  • Bespoke pricing
Cyber Security Training

Ensure ISO 27001 compliance with ongoing employee education and training on cybersecurity risks.

  • Online training subscription with monthly learning modules.
  • Simulated phishing tests to enhance awareness and response.
  • Bespoke pricing.
Cyber Guardian: Information Security Management

Keep up to date with ongoing maintenance, reporting and continuous improvement of your ISMS and be ready for your annual surveillance audits with your own Information Security Manager (ISM).

  • General ISMS maintenance, monitoring and reporting.
  • Risk management services.
  • Policy updates as required.
  • Vendor management.
  • Internal audits.
  • Bespoke pricing.
Cyber Incident Response Planning

Being prepared for a cyber incident is the best plan to have. We'll help you reduce the impact of an attack and ensure a calm, co-ordinated and efficient response.

  • We will help you formulate an incident response plan and playbooks based on your business needs.
  • Incident Response Plan Testing
  • Bespoke pricing

Frequently asked questions

Not sure which product is right for you? Or looking for more information on the implementation of the ISO 27001 framework? Check out our frequently asked questions.

Who is delivering the Cyber Steps coaching and support?

Cyber Steps is delivered by CyberWorqs, an Australian-based cyber risk management consulting firm. We work with businesses across all industry sectors to help management teams understand cyber security risk as an operational risk and what it takes to build a cyber security culture in the organisation.

Our team of coaches are seasoned professionals with extensive expertise in ISO 27001 and cybersecurity governance, risk and compliance. They bring practical insights and industry best practices to guide you effectively.

How does the coaching process work?

Our coaching process involves tailored sessions where we address your specific needs and goals for ISO 27001 implementation. We work closely with you to customise the format, topics, and learning approach.

Can I choose the topics to cover in each session?

Absolutely! You have full control over the topics covered in each coaching session. We’re happy to provide guidance but overall we adapt the content to align with your priorities and areas of focus.

What if I'm not sure which topics to prioritise in each session?

If this is the case we can spend some of our initial session assessing your organisation's unique requirements to help identify the most relevant topics to cover. We will also help you plan a roadmap.

How long does the entire process take?

We work to your timing and budget. It is important to remember that implementing ISO 27001 involves making changes to your business. Depending on what changes are required, you can expect it to take 3-6 months to implement an ISMS.

Can the coaching sessions be adjusted as we progress?

Yes, flexibility is built into our coaching approach. As your needs evolve, we can modify the format and content of the sessions to ensure continued relevance and effectiveness.

Is the coaching only for individuals, or can my team participate as well?

Yes, our coaching program can be extended to include your team members. We encourage workshops for knowledge sharing and offer guidance on how to cascade the learnings to your wider organisation.

Are the coaching sessions conducted in person or online?

We offer online coaching sessions to accommodate your preferences and geographic location.

Can the coaching help us address specific challenges we're facing?

Absolutely! Our coaching sessions are designed to address your unique challenges and provide targeted solutions tailored to your organisation's needs.

How soon can we start the coaching program?

We strive to accommodate your timeline. Once you purchase your desired program we can promptly book in the first coaching session.

What outcomes can we expect from the coaching program?

By participating in our coaching program, you can expect to gain a deeper understanding of ISO 27001, whether this be a specific control we are focusing on or an area of the framework. You will be able to confidently navigate the next step towards a successful certification and overall improved cyber security posture for your business.

What is the difference between the coaching services and the support services?

Our coaching services are packaged up in three offers, with different hours depending on what you require. Our support services are single engagements or ongoing services to complement your ISO 27001 implementation and obligations. Coaching services are best for those who are working through their ISO 27001 framework; our support services are for more individual circumstances or specific times within the implementation and certification lifecycle.

What does the ISO 27001 Baseline Review report include?

The comprehensive report includes an executive summary and indicative Statement of Applicability. It provides a detailed analysis of your current security posture and the Annex A controls that are likely to be applicable to your ISMS.

Can I outsource my ISO 27001 internal audits?

Yes! Outsourcing internal audits ensures that they are conducted correctly and thoroughly by expert analysts. It brings an unbiased perspective and ensures compliance with the mandatory audit requirements. We can help you conduct these audits; simply get in touch.

What will I receive after the internal audit?

After the internal audit, you will receive a detailed report that provides insights into your organisation's adherence to ISO 27001 requirements. The report will highlight areas of strength, nonconformities and areas that need improvement.

How can I prepare for the ISO 27001 audit?

We’d recommend a pre-audit assessment where we’ll review your mandatory policies and ISMS. It identifies gaps and we provide you with a report with actionable steps to polish your ISMS. We also offer an audit coaching service to provide guidance and help you anticipate and answer audit questions effectively. It prepares your organisation for the certification audit and ensures readiness.

How does the online training subscription work?

The online training subscription (USecure) is an annual subscription which delivers monthly learning modules in the form of videos and quizzes. It also includes a monthly simulated phishing test to enhance employee awareness and response to phishing attacks. Real-world phishing scenarios are simulated to test and improve their ability to recognise and respond to potential threats. It enables ongoing employee education and training on cybersecurity risks, ensuring ISO 27001 compliance.

What are cyber risk management services?

Cyber risk management services involve identifying and assessing potential risks to your organisation's information security. They include implementing risk treatment measures in line with the ISO 27001 framework.