ISO-27001 & ISO-27002 Compliance
Developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO-27000 is a series of best practice recommendations for information security management.
The recommendations describe an information security management system (ISMS), an overall systematic approach to managing information security risks, instead of disjointed IT controls that may leave parts of the organization, and non-IT assets especially, vulnerable. In addition to IT and cyber security, the ISMS covers human resources, physical access, software development, vendor management, and business continuity as they relate to information security.
- ISO-27001 is a recognized, certifiable standard. Its controls are derived from ISO-27002.
- ISO-27002 is an advisory standard that can be interpreted in accordance with the size and type of an organization.
Who does it apply to?
ISO-27001 certification may be required by a client or a partner as a condition of doing business, or it can be seen as a competitive advantage in acquiring additional business.
ISO-27001 certification is a credential that demonstrates that the company complies with a well-recognized international standard and systematically follows information security best practices across the whole organization.
The certification gives clients, partners, and employees assurance that their data is secure within the company.
How can GoldSky support you with your ISO-27001 compliance needs?
- GoldSky can tailor the ISO-27002 controls to fit your organization's type, size, and goals.
- GoldSky can establish the information security management system (ISMS) and the corresponding documentation, practices, policies and procedures, as required by the ISO-27001 certification.
- GoldSky can perform the follow-up reviews to ensure that the organization remains in compliance, and iteratively improves and matures the ISMS, as required by the certification.