The information security standard
ISO 27001 is an information security standard which forms part of the ISO 27000 family of standards. As an evidence-based standard, it requires senior leadership buy-in, a robust framework and the adoption of a security-first culture.
The standard acts as a badge of trust that demonstrates to your clients that you take the security of their data, and that of their clients, seriously. Many organisations use the standard as a benchmark for procuring services and adopt the common ISO 27001 controls in their tender process questions.
How do Black Penny help you get ready?
As with every engagement that Black Penny Consulting complete, it starts with the organisation. By firmly understanding who you are and how you operate, we can provide a guided consulting engagement and help you certify against ISO 27001.
The stages Black Penny follow to assist our clients in gaining the certification are detailed below. These include discovery, assessment and refinement of your information security processes and policies, the development of a tailored ISMS and guidance through the certification process.
Discovery & assessment
Black Penny know that all organisations are different. The first stage in assisting our clients in gaining the ISO 27001 certification is to firmly understand what you do. This discovery exercise will explore how you as a business operate, how you manage information security and how your business leaders will help drive the ISO 27001 framework.
Policy & Process refinement
A fundamental part of a robust information security stance is appropriate processes and policies. These include processes for incident response and policies for acceptable usage. Black Penny will review any pre-existing processes and policies and assist in refining these so they match the base-level controls in the ISO 27001 standard.
ISMS Framework development
ISO 27001 requires a robust framework of controls, processes and policies. As an evidence-based standard, it requires organisations to continually manage their alignment through the use of an Information Security Management System (ISMS). Black Penny will use our template ISMS to develop a framework that works for your organisation.
The process for ISO 27001 certification is specific to the certifying body completing the audit. This generally consists of a Stage 1 audit to review the maturity of the ISMS, followed by a Stage 2 audit where the ISMS and the processes and policies surrounding it are reviewed. Black Penny will work alongside you throughout this process.