What is ISO 27001

ISO 27001 has become the de facto standard for implementing an Information Security Management System (ISMS).
It is designed to provide a framework for implementation of technical and procedural security controls and processes for managing them.

The framework implements the Plan, Do, Check, Act (PDCA) four-step management cycle methodology.
A successful implementation sees the process go through the steps iteratively to achieve continual improvement.

Why Become Compliant

Implementing ISO 27001 carries a resource cost, so you should understand what you will get out of the process before you start.

Many companies consider the project merely an exercise to improve security; however, compliance can offer so much more. These implicit benefits include:

  • Improvements in Business Efficiency
  • Quality Assurance Process Enhancements
  • Legal and Regulatory Liability Mitigation
  • Reliability and Security of Systems
  • Improved Customer and Business Partner Confidence
  • Enhanced Business Continuity
  • Improved Managerial Control

What Can We Do

AC Assure has proven experience in 27001 implementation and can either take ownership of the full project or provide help and support in the following areas:

  • Completing a Project Plan
  • Creating an ISMS Scope and Policy
  • Completing a Risk Assessment
  • Creating a Statement of Applicability (SOA)
  • Implementation of various Technical and Procedural Controls
  • Completing Independent Internal Audits *

* Please note audits must not be performed by stakeholders who implement the activity they audit.

How can we help?

If you require our assistance with 27001 or if you are interested in developing an information security management system, please contact us using the contact form or give us a call on +44 (0) 8443 760400.