ISO 27001 Services

ISO 27001 (previously BS 7799:2005 / ISO 17799) is a structured set of guidelines and specifications for assisting organisations in developing their own information security management system (ISMS). The standard relates to all information assets regardless of media type or location.

ISO 27001 has 11 domain areas, 39 control objectives and 133 controls in all. The security controls represent information security best practices and are applied depending on business activities and requirements.

ISO 27001 suggests development and implementation of a structured Information Security Management System which governs security implementation and monitoring in an enterprise. The standard is designed to serve as ‘a single reference point for identifying the range of controls needed for most situations where information systems are used’.

Some of the benefits of implementing the ISO 27001 standard are as follows:

  • Brings an organisation to compliance with legal, regulatory, and statutory requirements.
  • Market differentiation through improved reputation and confidence.
  • Increase in overall organisational efficiency and operational performance.
  • Minimizes internal and external risks to business continuity.
  • ISO 27001 certification is recognised worldwide.
  • Significantly reduces the number and extent of security and privacy breaches.
  • Provides a process for Information Security and Corporate Governance.
  • Reduces operational risk through threat assessment and mitigation of vulnerabilities.
  • Provides an organisation with continuous protection that allows for a flexible, effective and defensible approach to security and privacy.

Gap Analysis

An initial assessment by qualified Orthus personnel identifies compliance gaps in order to establish priorities for remediation. A typical assessment includes the following stages:

  • Understand the structure of the organisation and scope of the Information Security requirement.
  • Establish management stance on Information Security.
  • Examine existing policies.
  • Identify principal information processes, information assets and relative value to the business.
  • Establish extent of existing processes and procedures.
  • Identify typical current procedural and technical safeguards in place.
  • Assess degree of compliance with applicable legislation (e.g. the Data Protection Act).
  • Assess policy/procedural/technical improvements that would be necessary to achieve alignment with the standard.
  • Report on the findings of the gap analysis and make recommendations for remedial action/strategy to achieve alignment with requirements of ISO 27001.

Beyond the Gap Analysis

Following the initial gap analysis Orthus can provide advice and expertise to assist organisations in reaching ‘certification readiness’. Additional services include:

  • Assistance in developing an Information Security Management Forum.
  • Assistance in developing and delivering Information Security Awareness training.
  • Identification and documentation of Information Assets, with owners.
  • Risk Analysis – more detailed than undertaken within the gap analysis and a requirement of the standard.
  • Setting of Control Objectives and Selection of Appropriate Controls – to manage the risks identified during the Risk Analysis.
  • Statement of Applicability – assistance with producing this document, a requirement of the standard.
  • Internal Audit Programme – assistance with creating a cross-functional audit team and associated procedures.
  • Pre-certification Audit.

© Orthus Limited 2008