ISO27001
What is an ISO27001?
ISO27001 is one of the globally recognized information security frameworks. It is a standard that sets out the information security best practice recommendations for organizations of any size or industry. The goal of setting up an information security management system according to the recommendation of the standard is to minimize technology risks and to ensure business continuity by pro-actively limiting the impact of a security breach.
While highly regulated businesses may require implementing information security management system as part of the regulatory requirements, many organizations obtain the ISO27001 certification to demonstrate that they have identified the risks, assessed the implications, and put in place systemized controls to limit any technology and information security damage to the organization.
ISO27001 – From Implementationto Certification
ISO27001 certification provides a competitive advantage in winning new business as it increases reliability and security of systems and information, this way improving the confidence of existing and potential customers and business partners.
TheMagnet® Advisors have the knowledge and expertise to guide organizations in implementing the information security management system. Starting with understanding the requirements and discussing the business need for ISO27001 all the way to certification.
Since ISO27001 is a framework and a standard of information security best practice, it can be used to optimize and improve the information security posture of an organization as well as individual elements of information security, such as third-party security, incident management, business continuity or access control without going through the process of certification.
The Main Building Blocks of TheMagnet® Approach
Scope and Objectives
The first step in managing cyber is understanding the scope of what you want to protect and why. Here we capture your cyber objectives in business language. Or put differently: we capture what you absolutely want to avoid from happening.
Risk Management
The scope and objectives are the direct input for defining relevant cyber risk scenarios. Leveraging a proven risk management methodology (which can be further adapted to your needs) we facilitate assessing the risk level of these tailored risk scenarios. We help you to define pragmatic measures to reduce your cyber risks to an acceptable level.
Policies
Policies are complementary to risk management. While risk management focuses on specific risk scenarios and specific risk mitigating measures, policies capture industry best practices that are tailored to your ambition level.
The value of creating such a baseline is in the discussion with different stakeholders and agreeing on that ambition level. The policies reflect that agreement and serve as reference going forward.
ISO/IEC 27001 Internal Audit
Before going for ISO/IEC 27001 certification, you will need an internal audit on the effectiveness of the ISMS and the relevant controls. The internal audit team needs to be skilled in ISO/IEC 27001 and needs to be independent from the implementation team. We can support your audit department with an experienced and independent internal audit team.
ISO/IEC 27001 Certification
When we are by your side to implement an ISMS, you determine how formal you want to approach the different steps. We make sure that what you implement is in line with ISO/IEC 27001. Always keeping overhead to a minimum and focusing on maximum value.
If you decide to go for ISO/IEC 27001 certification, we can support you on all different aspects of the ISMS – from the initial gap assessment to pragmatic implementation (with minimal overhead and maximum value) to advisory support during the official certification audit.
To sum up, we engage with:
- New customers requiring implementation / certification from scratch.
- Customers of an ISO27001 maturity level, requiring Pre-Audit (fine tuning / review).
- Customers with ISO27001 requiring Audit prior to Certification.
- Customers that require Yearly Audit reports to maintain their ISO27001 certification.
- Customers that require ISO27001 Training.