In today’s increasingly complex environment of Cloud-Based Computing and frequent data sharing between organizations, it has become important for many organizations to provide assurance to a 3rd party that they have a solid Information Security Program in place. One excellent way of accomplishing this is to pursue alignment with the ISO 27001 standard for managing information security.
- 27001 certification can help your organization provide customers with assurance that you have a well-functioning Security Program in place
- SecureState is one of a handful of U.S. companies with certified ISO 27001 Auditors on staff
The goal of the 27001 standard is to provide a framework for managing an information security program. At the heart of 27001 is the Deming cycle for quality assurance, which includes 4 phases:
Following this process takes an organization out of the business of implementing tactical fixes to specific IT Security problems, and instead moves IT Security into a strategic position; with IT Security decisions aligned with the organization's Risk Tolerance, and approved by executive management. A Security Program which has implemented all of the components of 27001 has reached a fairly mature state, and should continue to improve from year to year.
SecureState has a number of certified ISO 27001 Auditors on staff with deep knowledge of the standard, as well as the auditing process. More importantly, our staff members have extensive experience developing and building security programs both in alignment with the 27001 standard, and independently of it. By leveraging knowledge of both standards as well as successful real-world implementations, we are able to help a client build a useful, workable program while pursuing 27001 certification.