ISO 27001

ISO 27001 Readiness Assessments

Overview

ISO 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). An ISMS is not a one-size-fits-all system: the design, implementation, monitoring and maintenance of an organization's ISMS should be based on its own business requirements, the information assets it needs to protect and the results of its risk assessment.

ISO 27001 adopts the “Plan-Do-Check-Act” (PDCA) model, which is applied to structure all ISMS processes. The 2005 edition of the standard names PDCA explicitly; the 2013 and later editions no longer mandate a specific model, but the same cycle still maps onto their clauses on planning, operation, performance evaluation and improvement.

  • Plan (establish the ISMS): Establish ISMS policy, objectives, processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization’s overall policies and objectives.
  • Do (implement and operate the ISMS): Implement and operate the ISMS policy, controls, processes and procedures.
  • Check (monitor and review the ISMS): Assess and, where applicable, measure process performance against ISMS policy, objectives and practical experience and report the results to management for review.
  • Act (maintain and improve the ISMS): Take corrective and preventive actions, based on the results of the internal ISMS audit and management review or other relevant information, to achieve continual improvement of the ISMS.

Project Scoping

Our professionals work closely with your management team to define the scope of your ISMS: which business units, locations, systems and information assets it covers, and which Annex A controls apply to them. Through interviews with key management and IT personnel, we identify the controls that must be in place to satisfy the standard and record any controls that are excluded, together with the justification for each, since the standard requires that justification in the Statement of Applicability. Once the scope has been agreed, we begin the Readiness Assessment, which uses ISO 27002, the implementation guidance for the Annex A controls, as its reference.

Readiness Assessment and Reporting of Results

A Readiness Assessment is a proactive way to confirm that your security program will meet the ISO 27001 standard before a certification body audits it. Organizations preparing for an ISO 27001 certification audit typically undergo a readiness assessment first. Clients developing an information security program often find the first year the most difficult: they must not only operate in accordance with the new standard but also build out the documentation and processes the standard requires. This is where our professionals step in. Once the scope of the project has been identified, we create a detailed document request list covering every piece of documentation we need to perform walkthroughs. We then work side by side with your management team and IT personnel on walkthroughs that verify the essential security controls, programs and metrics are in place and designed effectively in accordance with the ISO 27001 standard. Bear in mind that a certification audit also examines operating evidence, such as completed internal audit and management review records, so a control that is designed correctly still needs a record of having actually run. Once the walkthroughs are complete, we prepare a detailed report and gap analysis identifying which controls will pass and which will fail. For each failed control, we provide remediation assistance.

Remediation Assistance

Once the Readiness Assessment is complete, we provide a detailed gap matrix with the specific remediation steps required to pass each control. Where documentation is required, we assist in developing the policies and procedures. Once controls have been remediated, our team retests each control to confirm it will pass. This second round of testing is performed at no additional cost to our clients. Our experience in this area creates efficiencies in the remediation process, saving your company time and money.

Resources

SSAE 16 Professionals has assembled top-tier leadership to help our clients through the ISO 27001 Readiness Assessment process. For further information regarding ISO 27001 Readiness Assessments, or to request a fee proposal from SSAE 16 Professionals, please visit our Contact Us page to submit an information request form or call 1-866-480-9485 today. We look forward to hearing from you!