- Adoption of ISO 27001 is accelerating internationally
- Organisations are recognising that from being a discriminator it will soon be a prerequisite to conducting business in many sectors
- Alignment with the ISO 27001 standard can be a daunting task
- Commissum’s experienced professionals are able to manage the transition process for you efficiently
ISO 27001 Transition Management Issues
Establishing the Information Security Management System (ISMS) necessary to achieve alignment with the ISO 27001 standard can be a daunting task. If done in-house, it is likely to divert significant resources and attention from the tactical demands of security management and administration, and from the business of the organisation in general. If you have decided to seek formal certification, you will wish to adopt a “right first time” approach, as failing to achieve it will not only reflect badly on your business and security management practices, but may also also significantly increase the cost of the process.
The UK Department of Trade and Industry (DTI) has published a roadmap for achieving alignment with ISO 27001. The process is complex, and for efficient and effective implementation it requires experience and knowledge of risk management, and the establishment of security controls and documentation.
The UK DTI guidance material stresses that an organisation should use risk management techniques to establish the scope and depth of requirement for security controls. Controls and processes must be appropriate to the business. Commissum’s experienced professionals are able to manage the process for you efficiently, the elements of the approach being:
- Proven management plans used to conduct assignment
- ISO 27001 gap analysis undertaken to establish requirements
- Experienced IT Security Manager conducts requirement review and analysis
- Definition of control objectives and statement of applicability maps the organisation’s security requirements to the applicable clauses of the standard
- Implementation plan drawn up to achieve control objectives
- Management of implementation process
- Audits conducted to test readiness for independent third-party review by an accredited organisation, leading to formal certification
Clients benefit from the applied knowledge of experienced Commissum professionals:
- Knowledge of the standard and its implementation process
- Limited disruption to the business from day-to-day management of the process
- Security management and administration controls established in empathy with the values of the business.
- Faster and more assured certification (or self-certification) – “right first time” for a lower cost
- Assistance in selecting and co-ordinating with an appropriate certification agency