ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), including the controls used to protect critical information assets. It is used in conjunction with ISO/IEC 27002, which provides implementation guidance for those controls. Our team of compliance consultants has extensive experience in assessing, baselining, facilitating, and making recommendations against the ISO 27002:2013 framework for organizations of any size.
OUR PROCESS
- Create an overview of your ISO 27001/27002 risk profile and review your current policies, processes, and procedures related to ISO 27001/27002 compliance.
- Conduct an assessment of your current performance against the ISO 27001/27002 framework and your risk profile, then identify the vulnerabilities, both organizational and technological.
- Make recommendations for improvement of your control environment in line with the ISO 27001 framework and develop a practice-based protection strategy and risk mitigation plan to support the organization’s mission and priorities.
- Assess your current ISO 27001/27002 compliance training.
- Assess the level of ISO 27001/27002 compliance monitoring currently performed by your line functions and internal audit.
BENEFITS
- Your review procedures will closely resemble those used by the audit community.
- We will create a report that identifies gaps in your organization’s compliance with the ISO 27001/27002 standard.
- Our compliance professionals work with your team to find solutions to compliance problems.
- Your employees can focus on serving the needs of your customers/members while we take care of your compliance.
DELIVERABLES
- An ISO 27001/27002 risk profile report describing the risks that the organization has identified.
- An ISO 27001/27002 gap analysis and recommendations.
- Recommendations for inclusion or exclusion of control processes.
- A complete review of policies and procedures against the requirements of ISO 27001/27002.