Audit / Compliance

AUDIT ISO 27001:2013

SecureRapid can help you with ISO 27001:2013, from assessing your information security against the standard to helping you achieve certification to it. Our consultants have several years of experience in various ISO certifications.
We offer the following services to clients interested in the ISO 27001:2013 information security standard:

CONDUCT GAP ANALYSIS AGAINST CURRENT ISMS

In order to determine the effort required for your organization to achieve certification to the standard, it is first necessary to establish the current status of your ISMS. SecureRapid can conduct a gap analysis of your current ISMS against the requirements of the ISO 27001:2013 Information Security Standard. SecureRapid will achieve this by interviewing key personnel in your company using SecureRapid's methodology, which is based on a questionnaire centered on the controls specified in the ISO 27001 Information Security Standard. This questionnaire will be used to identify which areas provide opportunities for improvement to enable certification against the ISO 27001 Information Security Standard. Ideally, representatives from the management team and staff members familiar with the day-to-day running of the ISMS should be interviewed.

At the end of this phase a report will be developed outlining any sections of your ISMS that do not align with the ISO 27001 Information Security Standard, together with steps to address any gaps identified.

Our Approach

One of the key cornerstones required to ensure alignment with the ISO 27001 Information Security Standard is the completion of a comprehensive risk assessment process. The risk assessment process determines the level of risk acceptable to the organization and identifies unacceptable risks. Appropriate controls, whether they are human, process or technical, can then be identified to manage the risk appropriately.

The risk assessment workshop will focus on:
1. Assisting in identifying information security assets
2. Assisting in developing a risk assessment methodology suited to the requirements of your organization
3. Assisting in the identification of risks
4. Assisting in the development of a Risk Treatment Plan

The outcome of the risk assessment workshop will be comprehensive documentation and tools to enable you to maintain your risk management and risk assessment programs.

With SecureRapid's Network Audit and Analysis, you can ensure your network is ready for whatever your business needs. SecureRapid helps make sure the network is ready to accommodate change, whether from technology adoption, mergers and acquisitions, organizational alignments or new application deployment.

A requirement for continued certification to ISO 27001:2005 is that an internal audit function regularly audits the ISMS, or sections of it, to ensure that it continues to operate within the requirements of the standard. SecureRapid can provide this service, and the audit schedule can be agreed and arranged to suit your requirements.

Other

1. Minimize business risk relating to the network infrastructure.
2. Accommodate change for technology adoption, mergers and acquisitions, organizational alignments, or new application deployment to advance network infrastructures for competitive advantage.
3. Improve business knowledge of what is in place throughout the network to facilitate more accurate planning.
4. Establish a baseline for best practices, the design and implementation of new services, and advanced technologies such as IP telephony, wireless, and advanced security, and help stabilize unstable networks.
5. Standardize on software releases and hardware platforms to reduce maintenance and costs.

To achieve certification to the ISO 27001:2013 Information Security standard it is essential that you can demonstrate the standard is being rigorously applied to your ISMS. This will entail:

1. Ensuring all policies and procedures are properly documented and up to date.
2. Ensuring all staff are aware of the relevant processes and procedures.
3. Ensuring staff are assigned information security roles and know what those roles entail.
4. Keeping audit logs and other evidence to demonstrate that policies, processes and procedures are being adhered to.

For this part of the project SecureRapid can:

1. Implement the ISMS, or
2. Project manage the implementation of the ISMS, or
3. Provide consulting or advisory services during the review, or
4. Conduct an audit at the end of the implementation to ensure that the ISMS has been implemented in accordance with the ISO 27001 Information Security standard.

SecureRapid can assist you in aligning your Information Security Management System (ISMS) with the ISO 27001 Information Security Standard. The following outlines how we have assisted other clients wishing to implement the ISO 27001 Information Security Standard.

1. The Statement of Applicability
This describes which clauses of the standard (Annex A) the organization has determined to be relevant and applicable to the ISMS.
2. Organization Overview
A brief description of the organization's activities/services and, where available, flow diagram(s) describing the organization's activities/services.
3. Information Security Policy
A copy of the organization's information security manual, or selected information security related policies or procedures, depending upon how these have been documented in the organization.
4. Business Continuity Management
A copy of the organization's business continuity strategy and/or business continuity plans for ensuring the continuity of essential services/activities in the event of major incidents.
5. Internal Audit Reports
Copies of any ISMS internal audit reports conducted to date, and a copy of the internal audit schedule.
6. Document Control Procedure
A description of how documents within the scope of the ISMS will be controlled and maintained.
7. Corrective and Preventative Action Procedures
This defines how the organization will identify any weaknesses within the ISMS and how it will address those weaknesses.
8. Internal Audit Procedure
A document outlining how internal audits of the ISMS will be conducted, by whom, and at what frequency.
9. Risk Assessment
A description of the risk assessment methodology used by the organization in its assessment of information security risks.
10. Risk Assessment Report
A copy of the information security risk assessment report, including the identification of any 'unacceptable' risks.
11. Risk Treatment Plans
A copy of the 'Risk Treatment Plan(s)' which identifies the relevant controls to mitigate the risks identified in the risk assessment report.