ISO27001 Certification Plus General Compliance and Regulation Requirements
Since Comsec was established more than 30 years ago, hundreds of organizations have used our services to help them to comply with the ISO 27001 family of standards and to obtain certification. Over the years, Comsec has adjusted its methodology based on feedback from our clients to support the client in achieving the highest possible level in terms of technology, cyber security, compliance with regulation and professionalism.
Your organization might need to comply with different legal, statutory, regulatory or contractual obligations related to information security and privacy requirements. The ISO 27001 standard takes all of this into account and Comsec will handle it for your organization.
The certification is solely for ISO27001 but an organization can choose any valid approach for implementation. For that reason, the ISO has a family of standards, such as ISO27002, ISO27799, ISO27032, and many more, that an organization can adhere to. Comsec will help you to select the appropriate framework and guide you in achieving compliance.
All of our GRC team members are certified Lead Auditors and have extensive knowledge and experience in many industries. All of our customers have gone on to receive their certification, without exception.
Lack of knowledge and experience will make it very difficult for an organization attempting to achieve compliance independently. The time-consuming lack of clarity and inability to understand regulatory implications might be very costly in terms of price, prestige and non-compliance with the law.
Comsec has the appropriate solution for your organization. Our methodology has proven again and again that we do the work efficiently and to the satisfaction of our customers. Comsec experts have proven their ability to deliver many ISO27001 projects in different industries, and for organizations of all sizes.
- Defining the scope of the ISMS (Information Security Management System).
- Building an Asset Mapping registry which includes Inventory, Ownership, acceptable use and returning of assets.
- Performing a Risk Assessment process to identify risks associated with the loss of Confidentiality, Integrity and Availability (CIA) for information within the scope of the ISMS.
- Formulate an information security risk treatment mitigation plan based upon the Risk Assessment.
- Execute a Risk Mitigation program to determine the controls that are necessary to mitigate the relevant information security risk.
- Formulate a set of required Policies and Procedures to support the ISMS.
- Produce an SOA (Statement of Applicability), a registry of all controls stating the level of compliance to each control in the ISO27002 standard and in any other set of controls.
- Final Audit assistance and certification.
How long does the preparation take?
4 to 6 months.
Do we receive certification?
Yes. Your organization will have to engage a Certification Firm that will audit you and provide you with the ISO 27001 certification.
How much does it cost?