ISO 27001 Readiness

ISO 27001 (formerly BS7799) is recognized as the standard for information security management. It provides a framework to minimize the threats to information and communication technology assets and the business.

A formal Readiness Assessment is not a requirement of certification to the ISO/IEC 27001 Standard, but it can help your organization prepare for initial certification.

The intention of the assessment is to save the organization time and money by identifying deficiencies in its Information Security Management System (ISMS) before seeking Certification to the ISO/IEC 27001 Standard.

ISO27001 Consulting

What are the ISO 27001 standards?

Before embarking on an ISO 27001 certification attempt, all key stakeholders within an organization should become very familiar with how the standard is arranged and used. ISO 27001 is broken into 12 separate sections:

Introduction

describes what information security is and why an organization should manage risks.

Scope

covers high-level requirements for an ISMS to apply to all types of organizations.

Normative References

explains the relationship between ISO 27000 and 27001 standards.

Terms and Definitions

covers the complex terminology that is used within the standard.

Context of the Organization

explains what stakeholders should be involved in the creation and maintenance of the ISMS.

Leadership

describes how leaders within the organization should commit to ISMS policies and procedures.

Planning

covers an outline of how risk management should be planned across the organization.

Support

describes how to raise awareness about information security and assign responsibilities.

Operation

covers how risks should be managed and how documentation should be performed to meet audit standards.

Performance Evaluation

provides guidelines on how to monitor and measure the performance of the ISMS.

Improvement

explains how the ISMS should be continually updated and improved, especially following audits.

Reference Control Objectives and Controls

provides an annex detailing the individual elements of an audit.

Why choose us

Niche expertise

We’re consulting specialists rather than generalists, focusing our strengths to do a highly effective job for a very specific group of clients.

Decades of collective experience

Our associates and subject matter experts have decades of experience in strengthening companies like yours.

Personal service from senior-level consultants

You appreciate it when deadlines are met, phone calls are returned and your challenges are given in-depth, out-of-the-box thinking.
