What is ISO 27001
ISO 27001 is a highly renowned and globally recognized Information Security Standard published by the International Organization for Standardization (ISO). It is a certifiable framework consisting of security policies and procedures designed to help organizations protect their data through an Information Security Management System (ISMS).
Getting ISO 27001 Certified
ISO 27001 certification is achieved by meeting the requirements for establishing, implementing, maintaining, and continually improving an ISMS that fits your business needs. The ISO 27001 standard is made up of two parts: the Clauses and Annex A.
Clauses 4-10 are mandatory requirements that all organizations seeking certification must satisfy. Each clause features a number of sub-requirements. Here is a high-level description of each clause:
Clause 4: Context of the Organization: Identify internal and external stakeholders, client lists, regulatory environments, etc.
Clause 5: Leadership: Identify strategic objectives and the necessary resources.
Clause 6: Planning: Detail how security objectives will be met.
Clause 7: Support: Detail how the organization will provide the resources needed to establish, implement, and maintain the ISMS.
Clause 8: Operation: Identify processes to mitigate risks that arise.
Clause 9: Performance Evaluation: Monitor, measure, analyze, and evaluate the ISMS.
Clause 10: Improvement: Identify actions designed to continually improve the ISMS.
Annex A consists of a set of security controls that are not all mandatory; they are implemented on an as-needed basis for your organization. A risk assessment identifies which controls are a good fit for your organization’s security program, and the resulting selection, including the justification for any control left out, is documented in the Statement of Applicability.
Once your organization has the policies, procedures, documentation, etc. in place, it can bring in an accredited certification body to conduct an ISO 27001 audit. If the audit is successful, you will be issued an ISO 27001 certificate.
Benefits of ISO 27001 Certification
Meeting ISO 27001 requirements will result in your organization having the policies, procedures, and technology in place to protect your data wherever it lives, reduce the risk of cyber-attacks, and establish a culture of information security.
ISO 27001 certification is a differentiator for businesses, regardless of their industry or size. Your certification will prove to customers that you are committed to protecting their data and will help you meet contractual security obligations. Recognized in countries worldwide, ISO 27001 certification can play an important role in gaining international business.
How We Can Help
At CompliancePoint, we have a team of former ISO auditors and experienced practitioners that can prepare your organization for a successful ISO 27001 audit. We will put you on the path to certification by helping you identify and remediate gaps in your existing security program and implement the necessary policies, procedures, and technologies.
Once you have achieved your ISO 27001 certification, we can manage and maintain your ISMS to ensure compliance with ISO 27001 for future certifications.
The experts at CompliancePoint are here to help you avoid data breaches, loss of the ability to process or handle third-party data, loss of customers or partners, and regulatory fines. Find out how.