ISO-27001 & ISO-27002 Compliance
Developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO-27000 is a series of best practice recommendations for information security management.
The recommendations describe an information security management system (ISMS), an overall systematic approach to managing information security risks, instead of disjointed IT controls that may leave parts of the organization and non-IT assets especially vulnerable. In addition to IT and cyber security, the ISMS covers human resources, physical access, software development, vendor management, and business continuity as they relate to information security.
- ISO-27001 is a recognized certifiable standard. Its controls are derived from ISO-27002.
- ISO-27002 is an advisory standard that can be interpreted in accordance with the size and type of an organization.
Who does it apply to?
The ISO-27001 certification may be required by a client or a partner to conduct business, or it can be seen as a competitive advantage for acquiring additional business.
ISO-27001 certification is a credential that demonstrates that the company is in compliance with the well-recognized international standard, and systematically follows the best practices of information security across the whole organization.
The certification gives clients, partners, and employees the assurance that the data is secure within the company.
How can GoldSky support you with your ISO-27001 compliance needs?
- GoldSky can tailor the ISO-27002 standards to apply to your organization type, size, and goals.
- GoldSky can establish the information security management system (ISMS) and the corresponding documentation, practices, policies and procedures, as required by the ISO-27001 certification.
- GoldSky can perform the follow-up reviews to ensure that the organization remains in compliance, and iteratively improves and matures the ISMS, as required by the certification.
“We could not be more pleased with our partnership with GoldSky Security. The experience and professionalism from your team have exceeded our expectations from day one. Your team was on-site within a week of our initial call. We appreciate the responsiveness and expertise you provided in performing our NIST 800-171 Gap Assessment and now CSOaaS program. Having an On-Demand CSO partner to assist us in building a sound cybersecurity program while maintaining NIST 800-171 compliance has proven to be both efficient and cost-effective. Thanks!”