ISO/IEC 27001 CERTIFICATION

TrustNet provides ISO 27001 Certifications to organizations that are ready to undergo their ISO audit. ISO 27001 is the internationally recognized standard that outlines the requirements for constructing a risk-based framework to initiate, implement, maintain, and manage information security within an organization. The standard, based on the Plan-Do-Check-Act model, defines what an information security management system (ISMS) is, what is required to be included within the ISMS, and how management should form, monitor, and maintain the ISMS.

ISO 27001 Certification Services include:

  • Formal reports at the conclusion of each stage of the certification and surveillance reviews

ISO/IEC 27001 Gap Assessment

  • Conduct an independent assessment to determine the readiness of the organization to undergo an ISO 27001 certification
  • Examine the management system through documentation review and interview sessions to identify gaps
  • Provide a gap assessment report including prioritized remediation action items

Project deliverables include the following:

  • Information Security Management System (ISMS) Scope
  • Risk Assessment
  • Risk Treatment
  • Gap Assessment

Certification Process

Regardless of size, today’s businesses need to work hard to protect the safety of their systems, applications, and data. In response, many choose to implement an Information Security Management System (ISMS) that is certified to comply with the ISO 27001 standard. Doing so demonstrates to management and stakeholders that fostering a secure environment is at the top of your corporate priorities list.

To get the certification, an organization must develop an ISMS containing security-related policies, procedures, technology, and qualified staff. Once this is completed, it must conduct an internal audit of the ISMS, addressing and taking action to correct any areas of concern.

Achieving certification requires enlisting the services of a qualified third-party body. This entity will thoroughly review the company’s ISMS to assess whether it meets ISO 27001 guidelines, a process that can take anywhere from three to 12 months from start to finish.

Initial Certification Review – Stage 1

Stage 1 is a preliminary informal review of the ISMS. This is typically performed onsite at the client location, and consists of a review of the key policy and process documentation.

Initial Certification Review – Stage 2

Stage 2 of the certification review is a more detailed and formal compliance audit. This is performed onsite at the client location(s) and includes in-depth testing to validate that the ISMS framework has been implemented, is monitored, and is maintained per ISO 27001 standard requirements and internal policies and procedures. Passing this stage results in the ISMS being certified compliant with ISO 27001.

Surveillance Audits

ISO 27001 certificates are valid for a three-year term. During this period a series of reviews called surveillance audits are required to be completed. These should take place at least annually but are often conducted more frequently, particularly while the ISMS is still maturing. A surveillance audit includes an onsite review to determine if any material changes have been made to the ISMS and limited testing to confirm that the organization is continuing to follow the framework and controls.

TrustNavigator™, our proprietary service approach:

  • PLANNING – project planning and management
  • SCOPING – risk assessment, identify relevant controls, gather info
  • TESTING – analysis, conduct testing, remediation roadmap
  • REPORTING – findings and recommendations, final report
