ISO/IEC 27001 Information Security Management
Managing information security appropriately within an organisation requires taking the right steps to achieve the desired level of assurance. ISO/IEC 27001 is an international standard used by numerous organisations seeking to adopt a widely recognised best practice framework. The standard helps you identify risks to your important assets and select controls to help reduce risks.
Five Security can help you implement and maintain an Information Security Management System (ISMS) in accordance with the requirements of the ISO standard. This includes services ranging from assessing your current practices against the standard to helping achieve certification.
Getting started workshop
The objective of this initial workshop is to introduce what information security management means, introduce the requirements of the ISO 27001 standard and evaluate how the standard can help you achieve the desired level of information security assurance.
ISO/IEC 27001 Gap Analysis
Five Security can perform an evaluation of your current Information Security Management practices against ISO/IEC 27001 in order to determine what effort your organisation would need to meet the requirements of the standard. The assessment is primarily conducted through interviews with key individuals within your organisation. We use a methodology based on a questionnaire focused on the controls required by the standard. At the end of the process, you receive our recommendations compiled into a detailed gap analysis report highlighting any areas that do not conform to ISO/IEC 27001.
Implementation of the standard
Five Security can help you implement any areas of ISO/IEC 27001 that need remediation. We work with you and key stakeholders to determine the best strategies and solutions to achieve the desired state of information security. We assist at all stages with the development, implementation and maintenance of your ISMS.
Five Security can also help you meet the requirement for a regular internal audit of your ISMS or sections of your ISMS in accordance with ISO/IEC 27001 in the context of continuous certification.
Why ISO/IEC 27001?
Following the Deming cycle (Plan, Do, Check, Act), the ISO/IEC 27001 standard is designed to provide assurance to your customers and other third parties that you have a solid security programme in place.
The standard provides a widely recognised framework to manage an information security program and demonstrate your organisation's commitment to continuous improvement supported by a risk assessment process.