ISO27001

In recent years, companies have been increasingly prioritizing their operations’ information security.

The ISO 27001 standard provides best practice guidance for protecting the confidentiality, integrity and availability of the information on which we all depend: bank account details, credit card data, health records and defense data, among others. It is also a framework for managing information security in a more pragmatic and efficient way.

Some of the main benefits in implementing ISO 27001 in your company are:

• Supports compliance with relevant laws and regulations

• Reduces likelihood of facing prosecution and fines

• Can help you gain status as a preferred supplier

• Protects your reputation

• Reassures clients that their information is secure

• Saves costs by reducing incidents

• Demonstrates credibility and trust

• Improves your ability to recover your operations and continue business as usual

• Improves internal organization

• Meets customer and tender requirements

• Provides a competitive advantage

The ISO 27001 standard divides the information security management system into 7 management requirements and 14 control objectives that help the organization deal with the virtually infinite number of information security issues it faces.

Comsec’s Performance Methodology

The ISO 27001 gap analysis will be undertaken using Comsec’s proven methodology for execution of information security assessments. 

Comsec will carry out the project based on the following main stages:

• Project Planning & Preparation – Aimed at obtaining a fuller understanding of the organization through discussion with the relevant business and technical staff in an open forum. This could include, among other things, defining key personnel, deliverable requirements, interview questionnaire formulation, the key technologies involved and timeframes.

• Information Gathering – Aimed at gaining an in-depth understanding of the organization’s current information security environment, infrastructure and processes.  

• Information Analysis – Aimed at evaluating the gap between the organization’s current information security status and the ISO 27001 requirements.

• Deliverables Development – Involves developing the ISO 27001 gap analysis report. The report will clarify the organization’s current state of security, and set a recommended action plan to help it reach its goals.

The gap analysis findings will define the activities required to close the gap and comply with the required security standards. The report will set out effective recommendations for addressing these weaknesses and enhancing the organization’s information security.

The Service You Get

• Defining the scope of the ISMS (information security management system).

• Building an asset mapping registry which includes inventory, ownership, acceptable use and return of assets.

• Performing a risk assessment process to identify risks associated with the loss of confidentiality, integrity and availability (CIA) of information within the scope of the ISMS.

• Formulating an information security risk treatment mitigation plan based on the risk assessment.

• Executing a risk mitigation program to determine the controls that are necessary to mitigate the relevant information security risk.

• Formulating a set of required policies and procedures to support the ISMS.

• Producing an SOA (Statement of Applicability), a registry of all controls stating the level of compliance with each control in the ISO 27001 standard and in any other set of controls.

• Final audit assistance and certification.

FAQs

How long does the preparation take?

4 to 6 months.

Do we receive certification?

Yes. Your organization will have to engage a certification firm that will audit you and provide you with the ISO 27001 certification.