ISO 27001 Compliance

Overview

ISO 27001 gives an organisation a framework for assessing the risks to its information and for ensuring that appropriate controls are in place to protect its business and information assets. Our ISO 27001 compliance services help an organisation identify the gaps between its existing information security controls and the ISO 27001 control objectives, and provide recommendations to close those gaps. This in turn helps the organisation formulate an implementation plan for achieving ISO 27001 certification.

Scope:

  • Understand the corporate business and IT processes.
  • Analyse business and IT risks.
  • Map business risks to ISO 27001 controls.
  • Select the applicable ISO 27001 controls and record the selection, including the justification for any control excluded, in the Statement of Applicability.

Features

Our ISO 27001 service set includes the following:

ISMS Consulting

This service helps customers select and deploy the relevant ISO 27001 controls and best practices within their environment. It is offered in modular form and can be tailored to specific needs.

The key modules include:

  • Threat & Risk Assessment.
  • Creation of the ISMS Framework: an ISMS design based on the ISO 27001 requirements and independent of any vendor or technology.

These modules can also be taken individually if certification is not your end goal.

ISMS Implementation

This service deploys the designed ISMS, together with the supporting security solution, with the aim of achieving ISO 27001 certification.

The modules required for certification are:

  • Design & Development of ISMS Controls
  • Implementation of ISMS Controls

Because the route to certification follows the sequence laid out in the ISO 27001 standard, these modules are delivered in that defined order.

ISMS Compliance Assessment & Audit

This service assesses whether the existing IT environment and its management procedures comply with the ISO 27001 controls and guidelines, and reports on the enterprise security posture. The audit comprises the following modules:

  • ISMS Audit
  • Asset Audit
  • Security Architecture Audit
  • Policy Audit
  • Compliance Report

A pre-certification audit, which acts as a dry run of the certification audit and provides reassurance before the certification body arrives, is also available as a separate service.

Benefits

Security Brigade is well experienced in working with ISMS (Information Security Management System) programmes. You can derive the following benefits from our ISO/IEC 27001 consulting service:

  • Helps bring your organisation into compliance with legal, regulatory, and statutory requirements.
  • Market differentiation through the positive effect on your company's reputation.
  • Strengthens your standing as a vendor with customers and partners.
  • Improves overall organisational efficiency and operational performance.
  • Reduces internal and external risks to business continuity.
  • ISO 27001 certification is recognised worldwide.
  • Reduces the likelihood and impact of security and privacy breaches.
  • Provides a defined process for information security and corporate governance.
  • Reduces operational risk as threats are assessed and vulnerabilities are mitigated.
  • Provides your organisation with continuous protection through a flexible, effective, and defensible approach to security and privacy.

Technical Information

Security Brigade adopts a six-step consulting methodology to manage the ISO 27001 implementation.

Step I: Understanding Business Functions
The purpose of this phase is the initial planning and preparation for the assignment. The steps in this phase re-confirm the project objectives and goals and plan the focus and target areas to be covered during the assignment.

Step II: Data Acquisition
The purpose of this phase is to collect all relevant data pertaining to the scoped area. This is probably the most crucial phase, since it involves meeting the stakeholders and understanding their concerns, the assets under their responsibility, and the importance of those assets to their business function.

Step III: Risk Assessment
A comprehensive risk assessment of the identified critical IT assets makes it possible to select appropriate risk mitigation controls. Our risk assessment methodology is a multi-stage activity comprising valuation of the identified critical information assets, threat assessment, a Vulnerability Assessment & Penetration Testing exercise, and a gap analysis.

Step IV: Prioritise
The purpose of this stage is to develop a risk mitigation strategy and plan that feed into the selection of ISO 27001 compliant controls. The outputs of this stage drive the development of the IT security policy.

Step V: Design & Build
The purpose of this stage is to develop detailed, workable IT security policies and procedures for the client. The policy statements are aligned with ISO 27001 and address the risk areas identified earlier, as set out in the risk mitigation and treatment plans.

Step VI: Action Plan
The main purpose of this stage is to provide the client with a Security Improvement Program that supports continuous improvement as well as the achievement of ISO 27001 certification. The objective of this phase is to implement the security controls, with Security Brigade managing the implementation programme. The phase results in an implementation roadmap that the client can use to put the ISO 27001 controls in place.