In recent years, companies have placed steadily more emphasis on securing the information on which their operations depend.
The ISO 27001 standard provides best-practice guidance on protecting the confidentiality, integrity and availability of the information we all rely on – bank account and credit card data, health records, defense data and so on. It is also a framework for managing Information Security (IS) in a more pragmatic and efficient way.
Some of the main benefits of implementing ISO 27001 in your company are as follows:
• Supports compliance with relevant laws and regulations
• Reduces the likelihood of facing prosecution and fines
• Can help you gain status as a preferred supplier
• Protects your reputation
• Provides reassurance to clients that their information is secure
• Saves costs through a reduction in incidents
• Demonstrates credibility and trust
• Improves your ability to recover your operations and continue business as usual
• Improves internal organization
• Meets customer and tender requirements
• Provides a competitive advantage
The ISO 27001 standard (2013 edition) structures the Information Security Management System as 7 mandatory management requirement clauses (clauses 4 to 10) plus 14 Annex A control domains, which together help the organization deal with the virtually unlimited number of information security issues that arise in practice.
Comsec’s Performance Methodology
The ISO 27001 Gap Analysis will be undertaken using Comsec’s proven methodology for execution of Information Security Assessments.
Comsec will carry out the project based on the following main stages:
• Project Planning & Preparation – Aimed at obtaining a fuller understanding of the work to be undertaken, through discussion with the relevant business and technical staff in an open forum. This could include activities such as defining key personnel, deliverable requirements, interview questionnaire formulation, key technologies involved and timeframes.
• Information Gathering – Aimed at gaining an in-depth understanding of the organization’s current Information Security environment, infrastructure and processes.
• Information Analysis – Aimed at evaluating the gap between the organization’s current information security level and the requirements set out in the ISO 27001 standard.
• Deliverables Development – Involves communicating the process that took place and preparing the ISO 27001 Gap Analysis report, which elaborates on the current state of the client’s security in light of its desired state and sets out a recommended action plan.
The Gap Analysis findings are the main input for defining the activities required to “close the gap” and comply with the required security standards. The report will cite effective recommendations for addressing these weaknesses and enhancing the organization’s information security.
• Defining the scope of the ISMS (Information Security Management System).
• Building an Asset Mapping registry covering inventory, ownership, acceptable use and return of assets.
• Performing a Risk Assessment process to identify risks associated with the loss of Confidentiality, Integrity and Availability (CIA) of information within the scope of the ISMS.
• Formulate an information security risk treatment mitigation plan based upon the
• Execute a Risk Mitigation program to determine the controls necessary to mitigate the relevant information security risks.
• Formulate the set of Policies and Procedures required to support the ISMS.
• Produce an SOA (Statement of Applicability): a registry of every control in Annex A of ISO 27001 (detailed in ISO 27002) and in any other control set adopted, stating whether each control applies, the justification for inclusion or exclusion, and its implementation status.
• Final Audit assistance and certification.
How long does the preparation take?
4 to 6 months.
Do we receive certification?
Yes. Your organization will have to engage an independent, accredited Certification Body that audits the ISMS and issues the ISO 27001 certificate; a consultancy prepares you for that audit but cannot certify you itself.