ISO 27001 Compliance Services
ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
Our experienced Information Safeguard ISO 27001 Lead Auditors perform the assessment against the ISO/IEC 27001:2013 framework.
Our assessments include an evaluation of the ISO 27001 Annex A controls:
A.5: Information security policies (2 controls)
A.6: Organization of information security (7 controls)
A.7: Human resource security (6 controls, applied before, during and after employment)
A.8: Asset management (10 controls)
A.9: Access control (14 controls)
A.10: Cryptography (2 controls)
A.11: Physical and environmental security (15 controls)
A.12: Operations security (14 controls)
A.13: Communications security (7 controls)
A.14: System acquisition, development and maintenance (13 controls)
A.15: Supplier relationships (5 controls)
A.16: Information security incident management (7 controls)
A.17: Information security aspects of business continuity management (4 controls)
A.18: Compliance with internal requirements, such as policies, and with external requirements, such as laws (8 controls)
The ISO 27001 certification process
Once you are ready for certification, you will need to engage the services of an independent, accredited Certification Body (CB). These CBs have been assessed by the relevant national authority based on their competence, impartiality, and performance capability through a rigorous assessment process.
The certification process consists of two stages and is conducted by a qualified auditor:
Stage 1: The auditor reviews your documentation to check that the ISMS has been developed in accordance with the Standard. You will be expected to present evidence of all key aspects of the ISMS; how much evidence is required depends on the CB's requirements.
Stage 2: If you pass the first stage, the auditor conducts a more thorough assessment. This involves reviewing the actual activities that support the development of the ISMS. The auditor analyses your policies and procedures in greater depth and reviews how the ISMS works in practice, through an on-site investigation. The auditor also interviews key members of staff to verify that all activities are undertaken in accordance with the specifications of ISO 27001.