Getting started is often the most challenging step, usually because of a misunderstanding of the ISO/IEC 27001 standard and its purpose. This workshop is for top-level management, decision makers and risk owners. We spend the day demystifying the standard into SMART activities and objectives which can be incorporated into either a project or business-as-usual activities. It will make the standard accessible and sow the seeds for engaging the rest of the organisation. For those running alternative security or compliance regimes such as PCI DSS, it will demonstrate how the work you are already doing can be incorporated into your ISO/IEC 27001 ISMS for quick wins.
For those wanting to understand their current security posture, the range of products below can be used to baseline your maturity level and help you evolve your information security strategy; this is true even if you don’t want to pursue full certification.
This review is aimed at the elements of the standard which form the core requirements and is focused on top management, decision makers and risk owners. It will evaluate how compliant you are with clauses 4 to 10 and provide you with a roadmap to achieving full compliance. Your roadmap will be tailored to your organisation and objectives, so that the scope of your ISMS meets your strategy.
Risk management is at the heart of ISO/IEC 27001:2013. In conjunction with your Nettitude consultant, a risk management system incorporating the requirements of the standard will be developed which fits your organisation in terms of both size and complexity; this will be incorporated into your ISMS, providing the necessary business processes to run the system.
Nettitude consultants will use a combination of substantive and compliance methods to assess your security controls against the ISO/IEC 27001 Annex A Controls (see below). Where the scope of the certification is not yet known, this will look across your entire organisation to provide you with an indication of your security posture and risk levels. It will also provide you with the ability to create SMART activities/objectives to address those risks. Your consultant may also recommend an alternative to ISO/IEC 27001 depending upon the findings within the organisation.
The ISO/IEC 27001 revision in 2013 increased the level of controls required when working with third parties. Nettitude’s consultants will work with you to determine your Risk Levels (RLs) and design an assessment process to harvest and manage the RLs from each third-party. Whether you hold the certificate yet or not, Nettitude can support you in this area by completing those risk assessments on your behalf.
Your organisation may not initially have the time or resources to fulfil the requirements of internal audits. Nettitude can develop and deliver an internal audit programme to meet the requirements of the standard and, more importantly, grow your ISMS and security posture. As your familiarity with the standard and processes improves, you may choose to bring this in-house or simply retain Nettitude to deliver this core element of the standard on your behalf.