Organisations are seeking to demonstrate to their stakeholders, business partners and customers some form of ‘fit for purpose’ assurance regarding their information security. A small gap in an information security management system may have dramatic consequences. Organisations need to define and maintain controls to avoid the risk of leakage or destruction of confidential information. ISO/IEC 27001 gives information on measures, on what effects they have and how to implement them. The standard defines the desired best practice methods for controlling (protecting) information – Confidentiality, Integrity & Availability. An ISO/IEC 27001 compliance certificate provides assurance that the management system for information security is in place, but says little about the absolute state of information security within the organisation.
Ascent Lanka understands all these issues and can perform the necessary assessment and improvement to help you achieve ISO 27001:2013 certification. Our information security experts work with you to create an information security program custom built to suit your business’s needs. Our experience and knowledge of the current IT security environment protect your business from all forms of risk, including data breaches, disruption of services, and real-world attacks. We bring your business into compliance, improve operational efficiency, and reduce costs.
What is ISO/IEC 27001?
ISO 27001, also known as ISO/IEC 27001, is an Information Security Management System (ISMS) standard created by the International Organization for Standardization (ISO). It is a formal set of guidelines and specifications for organisations to use in developing their information security framework. The standard mandates a particular set of controls that need to be in place for your ISMS. Therefore, organisations that claim to have adopted ISO 27001 can be formally audited and certified compliant with the standard.
It is this ability to certify the operation of an ISMS that makes the standard unique and makes it ideal as a form of independent attestation to the design and operation of an information security program. Pivot Point Security is a leading consulting firm for ISO 27001 certification and has worked with organisations of all sizes.
Basic Overview of ISO 27001 Certification Process
- Gap Analysis (if needed)
- Introductory Training, Process Mapping & Planning
- Risk Assessment and establishment of Controls
- Rollout Training and Informal Assessment
- Management Review, Internal Audit
- Stage I Audit, Stage II Audit
The purpose of ISO 27001 is to enable an organisation to demonstrate that it has an effective methodology in place to ensure that its information is kept secure. Companies hold valuable information at many levels: the highest will often include patents under development, staff personal information and key financial data; lesser levels will often be current customers and current bids; and finally there will be some information you want to be publicly available, typically what appears on your web site, where there is little need to secure it.
Protection normally addresses who has access to information and what they can do with it. Systems must be in place to ensure that those outside the business cannot gain access to or modify the data through virus attacks, spying software and spoofing, and that internal data cannot be lost through issues such as IT failures (a disk drive crash) or staff copying the data.
ISO 27001 provides a formal way of identifying valuable information, deciding how it is to be protected, putting the protections in place, and monitoring, maintaining and reviewing those protections for effectiveness, including revisiting them when the types of information held change.
Ascent Lanka consultants realise that a balance has to be achieved between securing key information and making it accessible to authorised staff in a user-friendly way.
Our consultants are experienced in the requirements of ISO 27001, have a background in IT or electronics and are trained assessors.
ISO 27001 Blueprint/Gap
The aim of the gap analysis stage is to review the current state of the in-scope areas of the business against the controls and requirements of ISO 27001, highlighting the areas that currently meet the requirements and the areas where the business currently falls short. This is a key phase, as it will allow both Ascent Lanka and you to identify where resources will need to be assigned during the project. The output from this stage is a report that details the findings of the gap analysis and prepares the initial Statement of Applicability (SoA).
ISO 27001 Remediation
For an organisation implementing its first ISO 27001 ISMS there are likely to be a number of actions required to achieve the desired outcome, particularly in the governance arena. Ascent Lanka is happy to play any role in the remediation phase, from ad-hoc consultancy to planning and ownership of all remediation actions, and any point in between. At all times, Ascent Lanka is focused on ensuring the implementation of an ISMS that can be maintained over time and provide effective IA for the client.
What are the benefits of ISO/IEC 27001 Information Security Management?
- Identify risks and put controls in place to manage or eliminate them
- Flexibility to adapt controls to all or selected areas of your business
- Gain stakeholder and customer trust that their data is protected
- Demonstrate compliance and gain status as preferred supplier
- Meet more tender expectations by demonstrating compliance
How Ascent Lanka can help you get certified
Drawing on our unique blend of practical information security know-how and proven management system consultancy expertise, our team will help you implement an ISO 27001-compliant ISMS without the hassle, no matter where your business is located. We’ve helped more than 100 consultancy clients achieve ISO 27001 certification and compliance.
Backed by years of experience and a deep understanding of what auditors expect, you’ll be able to apply for certification with your chosen certification body with confidence.
We offer a hassle-free service and transparent pricing.
You receive crucial input to help you develop a business case, allowing you to secure the necessary information security investment.
You can keep control over your ISMS because we teach you how to maintain it following certification*.
The Ascent INSPECTA implementation approach and methodology is pragmatic, proven and straightforward.
You receive a 100% guarantee of successful certification.