Skip Ribbon Commands
Skip to main content
Home > Services > Audit and Compliance > ISO 27001 Assessment Implementation


ISO 27001 Assessment & Implementation


In today’s increasingly complex environment of Cloud-Based Computing and frequent data sharing between organizations, it has become important for many organizations to provide assurance to a 3rd party that they have a solid Information Security Program in place. One excellent way of accomplishing this is to pursue alignment with the ISO 27001 standard for managing information security.

  • 27001 certification can help your organization provide customers with assurance that you have a well-functioning Security Program in place
  • SecureState is one of a handful of U.S. companies with certified ISO 27001 Auditors on staff


The goal of the 27001 standard is to provide a framework for managing an information security program. At the heart of 27001 is the Deming cycle for quality assurance, which includes 4 phases:

  • Plan
  • Do
  • Check
  • Act

Following this process takes an organization out of the business of implementing tactical fixes to specific IT Security problems, and instead moves IT Security into a strategic position; with IT Security decisions aligned with the organization's Risk Tolerance, and approved by executive management. A Security Program which has implemented all of the components of 27001 has reached a fairly mature state, and should continue to improve from year to year.


SecureState has a number of certified ISO 27001 Auditors on staff with deep knowledge of the standard, as well as the auditing process. More importantly, our staff members have extensive experience developing and building security programs both in alignment with the 27001 standard, and independently of it. By leveraging knowledge of both standards as well as successful real-world implementations, we are able to help a client build a useful, workable program while pursuing 27001 certification.

Did You Know?

  • 27001 certification is a requirement for access to the British N3 Healthcare network
  • 27001 is the standard which organizations certify to, while 27002 is simply a list of controls which support 27001
  • 27001 implementation projects typically take 9 – 12 months

Our Approach and Methodology

SecureState approaches 27001 with a two-pronged approach. First, an ISO 27001 Readiness Assessment is performed to determine if 27001 certification is feasible for the client organization; and if so, what the timeframes and cost are likely to be for implementation. If the organization has not already identified the scope of its 27001 ISMS, SecureState will provide guidance here as well. Because 27001 is designed to be customized to align with an organization’s business goals and risk tolerance, each implementation is slightly different. For this reason, it is necessary to perform an initial assessment prior to tackling the large task of implementation.

If an organization chooses to pursue a 27001 program, SecureState will be engaged to assist in the 9 to 12 month process of ISMS implementation. Each project will slightly vary in which implementation tasks need to be performed, and where the organization most needs help. Some of the areas which SecureState can provide assistance include:

  • Project Management
  • 27001 Pre-Audit
  • Incident Response Planning
  • Business Continuity Planning
  • Audit Program Development
  • Policies & Procedures
  • Documentation Format
  • Control Implementation

What Makes Us Different

  • SecureState is one of a handful of U.S. companies with certified ISO 27001 Auditors on staff.
  • Our staff members are certified as Auditors and understand the certification process; however, their focus is on the successful implementation of a program.
  • SecureState has guided organizations through 27001 implementation

Related Services