ISO 27001


Opportunity and risk come in pairs


ISO 27001 is a framework for an Information Security Management System (ISMS) that addresses the management of information security risks. Annex A of the 27001 specification lists specific information security controls, which ISO/IEC 27002 expands upon with implementation guidance.

These information security controls protect the confidentiality, integrity and availability of information, with risk management as the primary driver of the control objectives.

The standard is structured logically around 14 security control families, 35 control objectives, and more than 114 individual controls.


Certification is achieved by following the Information Security Management System (ISMS) guidelines and completing an official audit. While not mandatory, ISO 27001 certification brings many benefits. It can complement other compliance regimes and standards such as HIPAA, PCI DSS, FFIEC and FISMA. It can also enhance your business's reputation, as ISO standards are highly respected. Finally, an ISMS embodies information security best practices that are valuable for business continuity and growth.


For many organisations, certification to ISO 27001 can be a nerve-racking experience, with concerns about the audit process, what will and could happen, and the need to gain certification for commercial or personal reasons. The process is straightforward, and we can assist with any or all of the steps to successful ISO 27001 certification.


The certification process schematic (with the red titles showing the certification body's input) illustrates how certification works. The gap between the Stage 1 and Stage 2 audits will normally be between 2 and 6 months, which allows plenty of time to ensure that all the controls have been implemented and effectively audited; to check that your management understands and applies its leadership and commitment; and to ensure that all staff have the relevant awareness and competency.

A risk management strategy provides a structured and coherent approach to identifying, assessing and managing risks and uncertainties. It is followed up by minimising, monitoring and controlling the impact of risks that materialise, or by enhancing potential opportunities, through the coordinated and economical application of resources.

Our experts partner with clients on corporate planning, providing perspective not only on immediate value and impact but also on long-term implications. We work closely with management and other advisers to leverage and complement their knowledge, ensure maximum impact, and actively support implementation and skill building.

Featured Experts - ISO 27001

Senior multi-disciplinary corporate and finance professionals with diverse geographic, sector and transaction focuses
Nav Kaplish
Partner Digital, Blockchain & Risk, London

Nav is a seasoned business and technology executive with 18+ years of global corporate and entrepreneurial experience in building and managing digital teams, and in leadership roles spanning Governance, Risk & Compliance, Audits, and the conceptualisation and delivery of Blockchain products.


Preethi Hari
Partner Risk Management, London

Preethi is a versatile senior-level corporate professional with 18+ years of experience in Risk Management, IT Governance, IT Security, Business Continuity, Audits, Compliance and Regulatory. She specialises in the COBIT/COSO frameworks, ITSM (ITIL), 6-Sigma and SOX across Banking, Insurance, Oil & Gas, Shipping, Mining, Logistics, Telecom and Commercial Real Estate.

