While we tailor every assessment to meet each client’s unique requirements and challenges, our roadmap to compliance typically follows a five-phased approach that creates the general framework of each assessment. Our goal is to create an efficient, unobtrusive assessment so that you can focus on your business, and we can focus on your compliance.
Our team of professionals serves our clients by combining knowledge of industry standards and regulatory requirements with proven methodologies and tools to produce cost-effective, value-added results. What really sets us apart from our competitors is our highly personalized, client-centric level of service. We view ourselves as your business partner and treat our engagements as an opportunity to continuously improve your business processes, rather than as a mere exercise in compliance.
(Phase 1): The International Organization for Standardization (ISO) 27001 outlines specific requirements. Defining the scope of an ISO 27001 engagement involves understanding how your organization’s information security requirements and security objectives align with ISO 27001 requirements. We have years of experience working with nearly every industry and work with our clients to ensure that we cover the appropriate scope.
During this phase, the following areas will be covered:
4 Context of the organization
8.2 Information security risk assessment
(Phase 2): The GAP Assessment and Fieldwork activities are designed to assess how the company is currently aligned with ISO 27001. By conducting a thorough gap analysis and field work activities, our consultants will assess the current control environment by identifying strengths and providing recommendations for areas that need improvement. As part of our detailed recommendations, we will provide a prioritized listing of controls that should be considered for implementation or enhancement prior to finalizing the assessment.
Testing of Controls
During this phase, the following areas will be covered:
(Phase 3): As a result of our initial GAP Assessment and Fieldwork activities, management will receive a preliminary report with any deficiencies identified that need remediation. Inc. will work with management as needed during the remediation phase of this engagement to ensure that new controls are implemented according to the requirements of the ISO 27001 standard.
Management is assigned a secure file sharing folder where they can exchange documents securely with all project team members. Upon implementation of controls, the procedures are validated by the project team and updated in your final report on controls.
As part of the remediation, we will work with management to evaluate the following areas and develop management procedures where necessary and create a foundation for the continual management of your ISMS:
9 Performance evaluation
(Phase 4): Implementing an ISMS is only part of the ISO certification; in addition, you are required to have an evaluation completed by a registrar. We will assist management with the coordination and communication of this examination to ensure that management is efficiently and accurately communicating with the third-party assessor.
(Phase 5): After you have put your ISMS in place, we will work with management as needed to provide internal audit support and monitoring procedures to meet the ongoing evaluation requirements that are part of your ISMS. We will assist with regular risk assessments and act as an internal audit department to monitor your ongoing compliance and improvement over time.