ISO 27001: 2013 IT Security Management Certification

We can help you achieve ISO 27001:2013 certification whether your IT system resides locally on your server or in the cloud. We can also be your outsourced independent internal auditor.

ISO 27001:2013

The ISO 27001:2013 Standard puts more emphasis on the performance of an organization's Information Security Management System (ISMS) and includes a new section on outsourcing. It no longer puts emphasis on only using the Plan-Do-Check-Act methodology and allows the use of other continual improvement methods such as Six Sigma. The risk assessment method has also been changed from following the old ISO Guide 73:2009 to using ISO 31000:2009 Risk Management - Principles and Guidelines. The new standard has been developed to better fit with other standards such as ISO 9001:2015.

The objective of the standard has remained the same and is to provide a model for establishing and implementing an Information Security Management System. It now has ten clauses, plus a long annex, which cover:

  1. Scope of the standard
  2. Normative references
  3. Terms and definitions
  4. Understanding the organization and its context
  5. Information security leadership and top management support for policy
  6. Risk assessment; risk treatment
  7. Supporting an information security management system
  8. Operation planning and control
  9. Reviewing the system's performance
  10. Improvement and corrective action
  11. Annex A: List of controls and objectives.

Annex A's controls and objectives have been revised with new requirements added, some existing references from the 2005 version modified or regrouped, and other references deleted. The net result is that the number of controls has been reduced from 133 controls in 11 groups to 113 in 14 groups.

Certification Maintenance

If you already have your certification but are resource-limited, we can offer you a certification maintenance program. We will periodically visit your facility to conduct the required internal audits, facilitate the management reviews, and follow up on any corrective actions to make sure that you successfully pass your surveillance and recertification audits.

ISO/IEC 20000 IT Service Management Certification

We can also help you achieve ISO/IEC 20000 IT Service Management Certification.


For additional information, contact Frank Yazhari at frank@fyconsulting.com or call 908-875-7466 today.