Are you seeking to be an ISO/IEC 27001 certified organization?
A compliance audit from our certified experts gives you the assurance and confidence that your organization is ready for ISO/IEC 27001 certification.
We, at Risk Associates, offer a complete road map of services to assist our clients in developing and implementing a relevant and sustainable Information Security Management System (ISMS).
Key Benefits of achieving ISO/IEC 27001 Certification
Differentiation from your competitors by providing your organization with independent verification that your information security management system has met the requirements of this globally-recognized information security standard.
Reducing costs on additional compliance efforts. Common processes, procedures and controls implemented as part of ISO 27001 conformance can be leveraged for other compliance efforts such as PCI, HIPAA, and Sarbanes-Oxley.
We offer the following Road Map for achieving ISO 27001 Certification
Gaining a basic understanding of the business functions. Developing the required documentation and defining the scope of the ISMS. Developing and implementing a Document Control Procedure and a Records Management Procedure, and bringing higher management on board by developing the ISMS Manual.
Gap / Risk Assessment
The risk assessment phase includes the identification and classification of critical assets, performed by conducting interviews and completing questionnaires with all departments within the scope of the ISMS.
Documenting Policies & Procedures
Based on the Statement of Applicability (SOA) and the ISO 27001 standard, our consultants develop the ISMS documentation for the controls defined in ‘Annex A’ of the standard, covering policies and procedures. They work together with the implementation team to institute behavioral changes and to implement the required technical and management control measures that form the Information Security Management System.
Training & Awareness
Risk Associates consultants conduct awareness sessions for the staff who will work with the ISMS, to ensure effective implementation of controls and their continued operating effectiveness throughout the ISMS lifecycle.
Audit & Certification
After a successful internal audit, in which all identified non-compliances and improvement opportunities have been addressed through Corrective Action Requests (CARs), the certification audit can commence. We will help you prepare for the certification audit and select an independent certification body, accredited to ISO/IEC 17021-1:2015, that will perform the audit.
The certification audit consists of 2 stages:
Stage 1: This audit, conducted on-site and remotely, is a desktop assessment of your management system documentation, including policies, processes, management review records, scope and context, as well as system implementation. Its objective is to determine your readiness for a full assessment.
Stage 2: This audit is conducted on-site and includes an in-depth assessment to ensure the effectiveness of your management system and of the implemented controls. It assesses compliance with the standard’s requirements and reports any non-conformance or potential non-conformance that must be corrected before certification can be issued.
Once the stage 2 audit has been successfully completed, a ‘Statement of Certification’ is issued, confirming compliance with the relevant standard. This certification is valid for a 3-year period from the date of issue.
Surveillance audits must be performed on an annual basis to maintain your certification.