ISO/IEC 27001 and 27002 are internationally recognized information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). They help organizations around the globe secure their information systems and demonstrate to their stakeholders that they take security seriously.
ISO 27001 "specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS)". ISO 27002 "establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization". Only ISO 27001 is a certifiable standard; ISO 27002 is supporting guidance for the controls listed in Annex A of ISO 27001.
The 2013 revision, ISO/IEC 27002:2013, has been released and organizes its controls into the following 14 areas:
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
If your organization would like assistance implementing these standards or demonstrating conformance with them, we can help. We can work with your management team to determine which standard and which sections are relevant to your business. If you are new to the ISO 2700x family, we can perform a readiness or gap assessment to determine your current state of conformance. If that assessment finds security weaknesses, we can provide remediation assistance to help your organization make the necessary changes. If you are ready to demonstrate conformance, we can perform a full independent assessment and issue a report on your conformance; note that formal ISO 27001 certification itself is issued only by an accredited certification body.
Regardless of your ISO needs, we can help. Our security and compliance experience, combined with our approach to evidence collection, creates efficiencies throughout the process, saving your company time and money.