June 7, 2017

ISO 27001 Compliance | International Standard for Information Security

Overview


ISO 27001 is the international standard that describes best practice for an information security management system (ISMS) and is the only internationally-accepted, universal standard for information security governance. ISO 27001 provides guidance on implementation, management and maintenance of an effective information security program. Many organizations choose to align their organization to ISO 27001 as a best practice or seek to achieve ISO 27001 certification to demonstrate commitment to information security to clients and internal leadership.

Where We Excel


Our management level consultants have experience with hundreds of SOC 2 engagements. In addition to our seasoned personnel we offer the following benefits on every project:

  • Development of a customized ISO 27001 implementation strategy that aligns with business objectives,
  • Mapping ISO 27001 to other frameworks such as SOC 2 and HIPAA that may apply to your organization,
  • Managing the ISO 27001 implementation process from project start to certification,
  • Competitive pricing and discounts for multi-year contracts,
  • Flexible on-site or remote fieldwork by using our secure audit documentation workflow tool (inview), and
  • Director-level support and involvement in each phase of the engagement.

FAQs


What are the benefits of ISO 27001?

A few key benefits of ISO 27001 include:

  • ISO 27001 provides a strong international framework to ensure compliance with commercial, contractual and legal obligations.
  • Demonstrating alignment with ISO 27001 can provide a competitive advantage when demonstrating commitment to information security.
  • Implementing best practices around information security will minimize exposure to information security related risks.

What is an ISMS?

“ISMS” stands for Information Security Management System and refers to the set of policies, people, governance strategy, and technology utilized to meet information security commitments. Most organizations have a set of policies that dictate their information security requirements and refer to this policy or set of policies as the ISMS Policy.

What is the scope of ISO 27001?

The scope of ISO 27001 is determined by the coverage of your Information Security Management System (ISMS). This could include your entire organization or specific departments or business units within your organization. Many organizations, especially large corporations, choose to obtain ISO 27001 certification over specific business units or locations while leveraging ISO 27001 as an organization-wide information security strategy.

What type of commitment does it require to achieve ISO 27001 certification?

To achieve ISO 27001 certification, management must make a commitment to implementing and maintaining sound information security practices. Typically this includes a readiness period that lasts between 3 and 12 months. After an organization has prepared for ISO 27001 certification, there is an initial audit in year one followed by “surveillance” audits in years two and three. This process repeats thereafter.

Can I get an ISO 27001 Certification and SOC 2 report?

Absolutely. Our team specializes in assisting organizations in establishing programs to attain multiple compliance/certification requirements simultaneously. This is possible because most well-established information security frameworks have requirements that overlap. We build programs that allow auditors to easily map and test a single set of unified controls that map to many security/compliance requirements, thereby increasing efficiency and reducing cost.