osama@local:~$man iso-27001-certification-foundation
man — iso-27001-certification-foundation(7)

NAME

ISO 27001 Implementation & Risk Management
Complete ISO 27001 technical implementation across three organizations — from asset management to certification audit.

METRICS

Organizations:     3
Audit Result:      CERTIFIED
Non-conformities:  0 major
Controls:          93 clauses

TECHNOLOGIES

ISO 27001, Active Directory, Nessus, Wazuh, Graylog, FortiAnalyzer, CIS Benchmarks

DESCRIPTION

Overview

This project focused on the complete technical implementation and support of ISO 27001 across three different organizations: Avanza Innovations, Digital Auxilius, and Minerva Research Solutions, a subsidiary of Revival Research Institute. Each company had its own environment and requirements, but the core objective was the same: establish, implement, and maintain the technical controls necessary for certification under ISO 27001.

Core Activities

The work across all three implementations followed a structured ISO 27001 framework focusing on the following key areas:

1. Asset Management
   - Identified and documented all information assets, including servers, endpoints, networking equipment, and cloud services.
   - Created and maintained asset inventories mapped to ownership, function, and criticality.

2. Access Control
   - Integrated Active Directory for centralized identity management.
   - Defined user roles, privileges, and separation of duties.
   - Applied multi-factor authentication for remote and privileged access.

3. Network Security
   - Implemented segmentation between user, management, and server networks.
   - Hardened firewalls following vendor and CIS recommendations.
   - Configured VPN encryption, logging, and certificate-based authentication for external connections.

4. System Hardening and Patch Management
   - Established patching policies and automated updates for servers and endpoints.
   - Applied CIS benchmarks on Windows and Linux systems.
   - Deployed vulnerability scanning with Nessus and managed remediation cycles.

5. Logging and Monitoring
   - Configured centralized log collection using Graylog and FortiAnalyzer.
   - Integrated Wazuh as the SIEM for correlation and alerting.
   - Set up automated Slack and Teams alerts for incident notifications.

6. Risk Management and Register Maintenance
   - Developed a live risk register containing identified threats, existing controls, and mitigation plans.
   - Linked vulnerability scan outputs and incident data directly to risk items.
   - Reviewed and updated risk entries after every major infrastructure or policy change.

7. Incident Response and Evidence Management
   - Created technical response workflows and maintained incident documentation templates.
   - Enabled automated evidence collection (logs, screenshots, and reports) for audit preparation.
   - Linked all tickets and corrective actions to specific ISO clauses for traceability.

Outcome

All three organizations achieved ISO 27001 certification without major non-conformities. Audit evidence was complete and traceable, technical controls were properly documented, and remediation timelines were enforced through automation and structured reporting. Each environment now maintains ongoing compliance with real-time visibility into risk posture. This is only a surface-level breakdown; the real configurations stay offline for obvious reasons.

AUTHOR

Osama Siddiqui <info@sudoosama.com>