Hypersecurity LLC ISO 2700X Audit Services

ISO 27001/27002 Compliance
What Are ISO 27001 and ISO 27002?
These are the major international information security standards, published by ISO. ISO 27002 was formerly known as ISO 17799, having been renamed in 2007. It is closely related to ISO 27001. The former of these is a code of practice for information security management (see the Contents of ISO 27002), whilst the latter is a specification for information security management.
ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for the original document, BS7799-2. It is intended to provide the foundation for third party audit, and is 'harmonized' with other management standards, such as ISO 9001 and ISO 14001. The basic objective of the standard is to help establish and maintain an effective information management system, using a continual improvement approach.
ISO 27001 Certification, as with BS7799-2, is a robust audit and certification scheme that supports the standard. For those previously certified against BS7799, accredited certification bodies have established transitional arrangements.
Regulatory compliance is one of the leading business concerns for most organizations, regardless of industry. Laws are constantly changing, standards continue to improve, and the demands of security and control are growing within all organizations. As a result, organizations are faced with continuous compliance efforts which inevitably affect their budgets and the bottom line. In many institutions, officers and staff spend valuable time reviewing regulatory requirements, ensuring ongoing compliance, and implementing new regulations, having less time to dedicate to the goals of their own business. Hypersecurity can help you manage your compliance function and monitor compliance with consumer regulations against a variety of standards and frameworks. As the de facto Security Management standard, the ISO 27001 standards provide a baseline for minimum security guidance of organizations, small and large. ISO 27001 is a framework which focuses on IT and security governance through a holistic approach.
The ISO methodology applies basic requirements for security controls and monitoring which enable an organization to effectively prevent and detect threats or vulnerabilities. The objective of the assessment is to determine an organization’s compliance with each of the ten domains of the Standard. The domains covered by the Standard are:

     • Asset Classification and Control
     • Business Continuity Planning
     • Computer and Operations Management
     • Compliance
     • Personnel Security
     • Physical and Environmental Security
     • Security Organization
     • Security Policy
     • System Access Control
     • System Development and Maintenance

Our team of compliance consultants has extensive experience in assessing, base-lining, facilitating, and making recommendations against the ISO framework for organizations of any size. Our consultants are expert-level security professionals, certified to make assessments using the ISO framework with the designation of CISSP, CISA, or CISM. Our professionals have a wide variety of experience creating, developing, and assessing against the ISO framework for the retail industry, financial institutions, healthcare organizations, educational institutions, private companies, public companies, and for government agencies.