Adoption of ISO 27001 is accelerating internationally, and organisations increasingly recognise that the standard will soon change from being a differentiator to being a prerequisite for doing business in many sectors. Commissum brings a wealth of experience in helping you establish your ISMS (Information Security Management System), and in overseeing or managing, on your behalf, your transition to compliance with ISO 27001.
ISO 27001 Management Transition Issues
Establishing the ISMS needed to align with the ISO 27001 standard can be a daunting task. If done in-house, it is likely to divert significant resources and attention from the day-to-day demands of security management and administration, and from the business of the organisation in general. If you have decided to seek formal certification, you will want a “right first time” approach: failing the certification audit not only reflects badly on your business and security management practices, but can also significantly increase the cost of the process.
Achieving alignment with ISO 27001 is a complex undertaking. Implementing it efficiently and effectively calls for experience and knowledge of risk management, the selection and establishment of security controls, and the supporting documentation the standard requires.
The UK DTI guidance material stresses that an organisation should use risk management techniques to establish the scope and depth of its requirement for security controls. Controls and processes must be appropriate to the business. Commissum’s experienced professionals can manage the process for you efficiently; the elements of the approach are:
- Proven management plans used to conduct the assignment
- ISO 27001 gap analysis undertaken to establish requirements
- An experienced IT Security Manager conducts the requirement review and analysis
- Definition of control objectives and a Statement of Applicability that maps the organisation’s security requirements to the applicable clauses and controls of the standard, recording which controls are adopted and why
- Implementation plan drawn up to achieve control objectives
- Management of implementation process
- Internal audits conducted to test readiness for independent third-party review by an accredited certification body, leading to formal certification
Clients benefit from the applied knowledge of experienced professionals:
- Knowledge of the standard and its implementation process
- Limited disruption to the business from day-to-day management of the process
- Security management and administration controls established in keeping with the values of the business
- Faster and more assured certification (or self-certification), “right first time” and at lower cost
- Assistance in selecting and co-ordinating with an appropriate certification body
Download the ISO 27000 Transition Management PDF now (43.4 KB)
Get in touch to see how Commissum can help your organisation with the transition to ISO 27001.