The international information security standard known as ISO 27001 covers an organization's Information Security Management System (ISMS). It is framed in deliberately general terms so that it can apply to every type and size of organization. However, this lack of specificity can also be an obstacle when applying the standard to a particular situation. This is where ISO 27001 consultants can remove much of the burden of interpreting and applying this relatively new standard.
The ISO 27001 information security standard is part of the ISO 27000 family of standards dealing with information security. For example, ISO 27002 contains the code of practice for information security management, and can readily be used in conjunction with ISO 27001 when setting up an ISMS. Since these are formal published standards, it is possible for an organization to be certified as compliant with them. To achieve this, an organization must engage the services of ISO 27001 consultants.
There are two possible roles for consultants: either they advise the organization on the changes needed to implement an ISMS that conforms to the standard, or they act as auditors and carry out the certification itself. The two roles are mutually exclusive, since an ISO 27001 certification consultant cannot afterwards certify an organization whose ISMS he or she has implemented. The ISO standard gives relatively little detail about documentation procedures, so it is important that ISO 27001 consultants have substantial business experience. This gives them the insight needed to apply the general clauses of the ISO 27001 standard to the specific situation of the organization in question.
When choosing ISO 27001 certification consultants, there are certain questions that can usefully be asked, as follows:
What qualifications does the consultant hold? Relevant certifications are CISSP, CISM and the newer CGEIT.
How much experience does the practice as a whole have with ISO 27001 or a similar information security standard? The ISO 27001 standard is essentially identical to Part 2 of the British standard BS 7799, published in 2002. A firm of ISO 27001 consultants should be able to demonstrate extensive experience with these standards, and with ISO 27002.
What references are available from past clients for this type of service? If a practice cannot offer testimonials, it is probably safest to avoid them.
If an organization is engaging ISO 27001 certification consultants to advise on a roadmap towards certification, it is fair to ask them what proportion of the companies they have advised in the past succeeded in achieving certification against ISO 27001. If that proportion is quite low, it is better to select a competing bid, even at a considerable price premium, since making a second attempt at certification would be very expensive in terms of fees and staff time.