ISO27001

We actively manage the whole certification process from beginning to end. All you really need to do is make the initial contact using the form on the right.

We will arrange an initial meeting to establish your requirements and the needs of your industry, create all the necessary documentation and procedures, and actively help you implement those procedures throughout the business, making sure that at each step you comply with all the necessary regulations.

What is an ISMS?

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems, and works by applying a risk management process.

Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS).

ISO 27001 Gap Analysis

The Intex IT ISO 27001 Gap Analysis service is for organizations that want to measure their current information security framework against the ISO 27001 and 27002 standards. This service is relevant to organizations that are embarking on a formal certification strategy or that want to gauge current information security controls and practices against a recognized standard.

The following are benefits of the ISO 27001 – Gap Analysis:

  • Realistic view of current corporate security procedures and controls

  • Highlights strengths and weaknesses of the current information security framework

  • Actionable recommendations to help reduce risk and improve operational efficiency

  • Cost-effective approach when preparing for ISO 27001 certification

Planning for ISO

ISO/IEC 27001 and its supporting document, ISO/IEC 27002 (ISO/IEC 17799), detail 133 security measures, which are organized into 11 sections and 39 control objectives. These sections specify the best practices for:

  • Business continuity planning

  • System access control

  • System acquisition, development and maintenance

  • Physical and environmental security

  • Compliance

  • Information security incident management

  • Personnel security

  • Security organization

  • Communication and operations management

  • Asset classification and control

  • Security policies

The ISMS may be certified as compliant with ISO/IEC 27001 by a number of accredited registrars worldwide. The ISO/IEC 27001 certification, like other ISO management system certifications, usually involves a three-stage audit process:

  • Stage 1—Informal review of the ISMS that includes checking the existence and completeness of key documents such as the:

    – Organization’s security policy

    – Risk treatment plan (RTP)

    – Statement of applicability (SOA)

  • Stage 2—Independent tests of the ISMS against the requirements specified in ISO/IEC 27001. Certification audits are usually conducted by ISO/IEC 27001 lead auditors.

  • Stage 3—Follow-up reviews or periodic audits to confirm that the organization remains in compliance with the standard. Certification maintenance requires periodic reassessment audits to confirm that the ISMS continues to operate as specified and intended.

Contact us for your ISO 27001 Auditing Requirements