ISO 27001 is an international security standard that requires an organization to establish, maintain and continually improve an information security management system (ISMS). The standard consists of mandatory management-system clauses (clauses 4 through 10) plus an Annex A of security controls, which the 2013 edition groups into 14 control categories (the 2022 revision regroups the same subject matter into four themes). An organization must meet all the requirements set forth in the standard and be independently audited at regular intervals to validate proper ongoing implementation. The goal of ISO 27001 is to ensure that the mechanisms in place adequately protect the confidentiality, integrity and availability of an organization's information assets, including its networks and data. The 14 Annex A control categories are:
- Information Security Policies
- Organization of Information Security
- Human Resource Security
- Asset Management
- Access Control
- Cryptography
- Physical and Environmental Security
- Operations Security
- Communications Security
- System Acquisition, Development and Maintenance
- Supplier Relationships
- Information Security Incident Management
- Information Security Aspects of Business Continuity Management
- Compliance
Why would an organization want to implement ISO 27001?
- Comply with contractual, regulatory and legal requirements, and avoid the fines and contract penalties that follow from non-compliance
- Gain a competitive advantage by having your security posture validated by an accredited, independent certification body
- Reduce the frequency and severity of incidents and breaches by systematically identifying risks and treating them with appropriate controls
- Protect your reputation by decreasing the occurrence and magnitude of incidents
The GAI cyber team includes both certified Lead Implementers and Lead Auditors to support your organization's ISO 27001 needs. Our team can help build out your program, develop the required policies, processes and organizational structures, and recommend control mechanisms tailored to your organization's environment and risk assessment. We will prepare you so that your audit goes smoothly and can facilitate all interactions with your auditor. Because the body that certifies an ISMS must be independent of the team that built it, GAI Cyber partners with several accredited certification bodies that perform the independent ISO 27001 audit and issue the certification.