ISO 27001 Readiness Assessments – Are You Ready?
Most organizations already have a number of information security policies and controls in place, yet these tend to be fragmented and are often based on generic threats or past security incidents.
A formal Readiness Assessment is not a requirement of certification to the ISO/IEC 27001 Standard, but it can help your organization prepare for initial certification.
The intention of the assessment is to save the organization time and money by identifying deficiencies in its Information Security Management System (ISMS) before seeking Certification to the ISO/IEC 27001 Standard.
Let Us Help You Achieve Compliance
TBG Security consultants have been helping customers comply with State and Federal business and privacy regulations for more than a decade.
Working either as a full-service consultant or as an adjunct to your in-house teams, TBG Security will execute our phased compliance readiness process to ensure that your business meets or exceeds its compliance requirements.
- Creating a comprehensive information security policy.
- Performing an audit to determine the current level of regulatory compliance.
- Providing remediation for vulnerabilities detected on your systems.
- Advising your company on specific steps needed to achieve compliance.
- Deploying security infrastructure to encrypt email messages automatically.
- Encrypting your company’s laptops and other mobile devices.
- Securing your primary security infrastructure, including firewalls, VPN access, anti-phishing, and tools to protect against malicious code.
What If I Don’t Comply?
While compliance is not mandatory, adhering to ISO 27001 standards reduces the likelihood of incurring fines or facing criminal prosecution due to non-compliance with any applicable laws and regulations.
ISO 27001 Cheatsheet
Regulation type: Standards
Governing body: ISO does not perform certification. Organizations looking to get certified to an ISO standard must contact an independent certification body.
Purpose: ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.”
ISO 27001 uses a risk-based approach and is technology agnostic. The specification defines a six-part planning process:
- Define a security policy.
- Define the scope of the ISMS.
- Conduct a risk assessment.
- Manage identified risks.
- Select control objectives and controls to be implemented.
- Prepare a statement of applicability.
Who must comply:
Certified compliance with ISO/IEC 27001 by an accredited and respected certification body is entirely optional but is increasingly being demanded from suppliers and business partners by organizations that are (quite rightly!) concerned about the security of their information, and about information security throughout the supply chain or network.