ISO/IEC 27001 CERTIFICATION

TrustNet provides ISO 27001 Certifications to organizations that are ready to undergo their ISO audit.  ISO 27001 is the internationally recognized standard that outlines the requirements for constructing a risk-based framework to initiate, implement, maintain, and manage information security within an organization. The standard, based on the Plan-Do-Check-Act model, defines what an information security management system (ISMS) is, what is required to be included within the ISMS, and how management should form, monitor, and maintain the ISMS.

ISO 27001 Certification Services include:

  • Independent assessment to validate that the management system conforms to the ISO standard
  • Formal reports at the conclusion of each stage of the certification and surveillance review

ISO/IEC 27001 Gap Assessment

  • Conduct an independent assessment to determine the readiness of the organization to undergo an ISO 27001 certification
  • Examine the management system through documentation review and interview sessions to identify gaps
  • Provide a gap assessment report including prioritized remediation action items

Project deliverables include the following:

  • Information Security Management System (ISMS) Scope
  • Risk Assessment
  • Risk Treatment
  • Gap Assessment

Certification Process

Initial Certification Review – Stage 1

Stage 1 is a preliminary informal review of the ISMS. This is typically performed onsite at the client location, and consists of a review of the key policy and process documentation.

Initial Certification Review – Stage 2

Stage 2 of the certification review is a more detailed and formal compliance audit. This is performed onsite at the client location(s) and includes in-depth testing to validate that the ISMS framework has been implemented, is monitored, and is maintained per ISO 27001 standard requirements and internal policies and procedures. Passing this stage results in the ISMS being certified compliant with ISO 27001.

Surveillance Audits

ISO 27001 certificates are valid for a three-year term. During this period a series of reviews called surveillance audits are required to be completed. These should take place at least annually but are often conducted more frequently, particularly while the ISMS is still maturing. A surveillance audit includes an onsite review to determine if any material changes have been made to the ISMS and limited testing to confirm that the organization is continuing to follow the framework and controls.

TrustNavigator™, our proprietary service approach:

  • PLANNING: project planning and management
  • SCOPING: risk assessment, identify relevant controls, gather info
  • TESTING: analysis, conduct testing, remediation roadmap
  • REPORTING: findings and recommendations, final report