The Challenge

Any organisation that holds confidential information it needs to protect, such as customer data, payroll information, financial data or intellectual property, should consider aligning with or becoming fully certified to ISO 27001.

Organisations may be subject to regulations such as GDPR, HIPAA or the EU NIS directive; aligning with and certifying to ISO 27001 can help demonstrate adherence to these regulations. Additionally, organisations may have to show that they follow information security best practice to become an approved supplier to a larger enterprise. Certification to ISO 27001 may also help reduce cyber insurance premiums.

The Service

ISO 27001 is an internationally recognised and widely adopted standard for information security. It takes a risk-based approach to securing an organisation’s most valuable information – whether that’s in digital or physical form.

ISO 27001 helps you manage risks to your business from accidental or deliberate misuse of confidential information. Above all, complying with ISO 27001 provides you with a best practice framework for managing information security. Unlike self-regulated standards, certification to ISO 27001 involves independent verification, at least once a year, that security is being managed appropriately.

ISO/IEC 27701:2019 is a privacy extension to ISO/IEC 27001, and organisations that are already certified to ISO 27001 will now be able to certify to ISO 27701 as well. The idea behind this new extension is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain and continually improve a Privacy Information Management System (PIMS).

BH Consulting help clients implement ISO 27001 and ISO 27701 efficiently and effectively, whether they are looking to achieve full certification or just wishing to align with ISO 27001. We have specialist consultants dedicated to guiding organisations through the alignment process and on towards certification.

Whether the aim is to measure current information security practices against ISO 27001, or achieve certification to the standard, we provide the following steps:

Phase 1 – ISO 27001 Gap Analysis, with a report itemising gaps in security management and controls, together with recommended resolutions.

Phase 2 – ISO 27001 Risk Assessment (including assistance building a risk register or adapting an existing register).

Phase 3 – Alignment of the Information Security Management System (ISMS) with ISO 27001 requirements (including development of any missing or incompatible policies).

Phase 4 – Implementation Process (including an Internal Audit prior to the start of the certification process to validate readiness).

These services can be carried out remotely.

The Benefits

  • Manage your IT security risk
  • Keep confidential data secure
  • Protect your organisation’s reputation
  • Improve your business processes
  • Demonstrate compliance with the security requirements of trading partners
  • Lessen the burden of completing third-party security questionnaires

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.