What is ISO 27001?
ISO/IEC 27001 is an international standard for information security management systems (ISMS). It sets out requirements for organizations of any size and kind to manage the security of their assets, such as proprietary data, third-party information, financial information, intellectual property, and employee information. The standard provides a framework of policies and procedures covering the legal, physical, and technical controls involved in an organization’s information risk management processes, and it specifies the requirements for designing, implementing, maintaining and continually improving an ISMS within the context of the organization.
The standard also includes requirements for assessing and treating information security risks, tailored to the needs of the organization. These requirements are generic and are intended to apply to, and scale with, all organizations, regardless of type, size or nature.
Who Should Comply with ISO 27001?
ISO 27001 is a highly sought-after ISMS standard, and many companies realize the benefits of being certified against it. Certification to this globally recognized information security management standard shows that your organization values the data and information it generates, handles, processes, and stores. Companies in sensitive and critical sectors, as well as those in competitive environments or seeking opportunities in regulated industries, should consider full compliance. By being certified or compliant with ISO 27001, your organization will:
- Gain trust/approval of the customers (become a qualified product, software, or data supplier for potential customers)
- Gain advantage over competitors
- Create new business opportunities
- Reduce risk and costs
- Comply with federal, state and other statutory regulations
- Increase company reputation
- Increase predictability and stability
- Improve supply-chain management, and
- Discover how internal departments can communicate better.
What are the Components of ISO 27001?
ISO 27001:2013 (Annex A) has 14 domains of controls, listed below, with 114 controls under these domains. Not all of these controls are mandatory in order to be certified by an accredited registrar: organizations determine which controls are applicable to their own risks and implement those, recording each inclusion or exclusion, with its justification, in the Statement of Applicability:
- Information security policies
- Organization of information security
- Human resources security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
How Can We Help You?
Don’t try to manage it all alone! Linqs has extensive experience in ISO compliance and operations. We can assist you with education and understanding, training, and developing your information security management system for ISO 27001 compliance.
Phase 1 – Training, Assessment, and Gap Analysis
- Provide training on ISO 27001 clauses and compliance;
- Review the ISMS, including its internal and external interested parties;
- Review ISO 27001 requirements against the organization’s ISMS;
- Identify the gaps where remediation is needed.
Duration: 1 week
Phase 2 – Compliance Program Management and Procedure Development
- Prioritize the gaps that can be closed in a short time frame;
- Develop a plan of actions and milestones to reach compliance with ISO 27001 requirements;
- Develop a robust, documented ISMS;
- Engage with each department involved in security and operations;
- Advise on ISMS best practices;
- Define the information security policy, objectives and ISMS scope;
- Manage risk assessment and treatment in the context of interested parties;
- Develop procedures for the organization’s effective operations;
- Develop document and record controls;
- Develop customer feedback and complaint handling processes; and
- Develop data analysis and continual improvement processes.
Duration: Varies depending on the size and scope of the organization
Phase 3 – Continuous Compliance Monitoring (Optional)
- Perform Internal Audits;
- Assess and identify new gaps arising from changes in operations, regulations, and customer focus;
- Update the ISMS, including revisions to the risk assessment, processes, significant operational developments, ISMS scope and documentation controls;
- Assistance with customer requirements, customer complaints, and audit findings;
- Assistance with representation during audits;
- Advise on continuous improvement; and
- Continuous education & training for your organization.
Duration: Varies depending on task(s)