The ISO 27001 standard was developed to provide a consistent model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The ISMS is not a one-size-fits-all system. Rather, the design, implementation, monitoring, and maintenance of an organization’s ISMS should be based off of their unique needs and requirements.
The ISO 27001 standard adopts the “Plan-Do-Check-Act” (PDCA) model, which is applied to structure all ISMS processes.
Our professionals will work closely and collaboratively with your management team to determine which sections of the ISO 27001 standard apply to your business’ operations. Through interviews with key management and IT personnel, we can identify the controls that need to be in place to meet the ISO 27001 compliance standard. Once the scope of the project has been determined, we begin the Readiness Assessment, which is based off the ISO 27002 standard.
A Readiness Assessment is a proactive approach to ensuring your security program will meet the ISO 27001 standard. Entities that are required to undergo an ISO 27001 compliance assessment typically first undergo a readiness assessment. When developing an information security program, many clients often find the first year is the most difficult. Not only do they have to comply with the new standard, but they need to build out their documentation and processes to comply with the standard. This is where our professionals step in. Once we have identified the scope of the project, we create a detailed document request list which includes every piece of documentation we need to perform walkthroughs. We work side-by-side with your management team and IT personnel to perform walkthroughs to verify essential security controls, programs and metrics are in place and designed effectively in accordance with the ISO 27001 standard. Once walkthroughs have been completed, we prepare a detailed report and gap analysis which will identify which controls will pass and which controls will fail. For each failed control, we will provide remediation assistance.
Once the Readiness Assessment has been completed, we will provide a detailed gap matrix which includes specific remediation steps the client must perform to pass each control. In cases where documentation is required, we assist in developing policies and procedures. Once controls have been remediated, our team will test the control to ensure it will pass. This second phase of testing is performed at no additional cost to our clients. Our vast experience in this area will create efficiencies in the remediation process, saving your company time and money.
SSAE 16 Professionals has assembled top tier leadership to help our clients through the ISO 27001 Readiness Assessment process. For further information regarding ISO 27001 Readiness Assessments, or to request a fee proposal from SSAE 16 Professionals, please visit our Contact Us page to submit an informational form or call 1-866-480-9485 today. We look forward to hearing from you!