ISO 27001 Certification Readiness

ISO 27001 Certification Readiness – Setting the standards

Obtain best practices on information security management

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have set the international standards on Information Security Management in the ISO/IEC 27000 series. Specifically, the guidance on the security techniques ‘ISO 27001’ and the code of practice for information security management ‘ISO 27002’ are commonly known as “ISO 27001/2”. A number of regulating agencies, including the Data Protection Commissioner, have declared ISO 27001/2 to be a benchmark for prudent and competent practice. However, companies find it challenging to adopt the standard while remaining mindful of costs.

Elevate’s information security & risk management approach is pragmatic and focused on finding the right-fit balance to meet your security objectives and satisfy your stakeholders. Our approach is as follows:

  • Review the information security policy, and advise on and agree to the scope
  • Provide methodology and conduct a security risk assessment
  • Agree on control objectives (Statement of Applicability)
  • Review controls in place and provide documentary requirements
  • Provide an Information Security Management status report with detailed findings to obtain management’s response
  • Prepare a final report with recommendations for improvement and options regarding the full adoption / implementation of ISO 27001/2