ISO 27001: Aligning Your Project to Information Security Standards
ISO 27001 is the internationally recognised standard for Information Security Management Systems (ISMS). It specifies the requirements for establishing, implementing, maintaining, and improving an ISMS, a systematic approach to managing sensitive information so that it stays secure.
What ISO 27001 Covers
ISO 27001 is a risk-based framework covering 93 controls across four categories:
- Organisational controls: Policies, roles, responsibilities, supplier relationships, incident management
- People controls: Background checks, training, awareness, disciplinary process
- Physical controls: Physical access control, equipment security, secure disposal
- Technological controls: Access control, cryptography, vulnerability management, network security, logging
What Certification Involves
ISO 27001 certification requires: defining the scope of your ISMS, completing a risk assessment, implementing controls to address identified risks, and undergoing a two-stage audit by an accredited certification body. Certification must be renewed every three years with annual surveillance audits.
How We Align Our Delivery
For clients pursuing ISO 27001 certification, or clients who must demonstrate compliance to certified customers, we:
- Design and build systems in alignment with the relevant ISO 27001 Annex A controls
- Provide technical evidence documentation (system descriptions, security controls in place, access control policies) for your audit
- Complete the supplier security questionnaires used in ISO 27001 supplier assessment processes