ISO 27001 Transition Management

• Adoption of ISO 27001 is accelerating internationally.
• Organisations are recognising that from being a discriminator it will soon be a prerequisite to conducting business in many sectors.
• Alignment with the ISO 27001 standard can be a daunting task.
• commissum's experienced professionals are able to manage the transition process for you efficiently.

The benefits of commissum managing the process for you include:

• Knowledge of the standard and the implementation process.
• Limited disruption to the business.
• Management controls established in empathy with the values of the business.
• Certification "right first time" for lower cost.

ISO 27001 Management Transition Issues

Establishing the Information Security Management System (ISMS) necessary to achieve alignment with the ISO 27001 standard can be a daunting task. If done in-house, it is likely to divert significant resources and attention from the tactical demands of security management and administration, and from the business of the organisation in general. If you have decided to seek formal certification, you will wish to adopt a "right first time" approach, as failing to achieve it will not only reflect badly on your business and security management practices, but may also also significantly increase the cost of the process.

The UK Department of Trade and Industry (DTI) has published a roadmap for achieving alignment with ISO 27001. The process is complex, and for efficient and effective implementation it requires experience and knowledge of risk management, and the establishment of security controls and documentation.

Approach

The UK DTI guidance material stresses that an organisation should use risk management techniques to establish the scope and depth of requirement for security controls. Controls and processes must be appropriate to the business. commissum's experienced professionals are able to manage the process for you efficiently, the elements of the approach being:

• Proven management plans used to conduct assignment.
• ISO 27001 gap analysis undertaken to establish requirements.
• Experienced IT Security Manager conducts requirement review and analysis.
• Definition of control objectives and statement of applicability maps the organisation's security requirements to teh applicable clauses of the standard.
• Implementation plan drawn up to achieve control objectives.
• Management of implementation process.
• Audits conducted to test readiness for independent third-party review by an accredited organisation, leading to formal certification.

ISO 27001 Transition Management Customer Benefits:

Clients benefit from the applied knowledge of experienced commissum professionals:

• Knowledge of the standard and its implementation process.
• Limited disruption to the business from day-to-day management of the process.
• Security management and administration controls established in empathy with the values of the business.
• Faster and more assured certification (or self-certification) - "right first time" for a lower cost.
• Assistance in selecting and co-ordinating with an appropriate certification agency.

ISO27001 Transition Management (43.4 KB)

• Cyber Security Strategy
• ISO 27001/2 Gap Analysis
• CLAS
• Security Health Check
• Security Audit
• ISO 27001 transition
• PCI DSS
• Secure Software Development
• Business Continuity Consulting
• Education