Any business, in and outside of the cyber security industry, recognise that information is a hugely critical asset. Not just theirs, but their third parties’. The ISO/IEC 27001 Information Security Management System (ISMS) provides the requirements any business, big or small, should comply with to ensure sensitive information such as personally identifiable information (PII), financial information, trade secrets, client information and intellectual property are secure.
An ISMS Pre-Certification Audit can provide a mountain of benefits to any organisation seeking Certification to the standard. It’s an opportunity for an organisation to determine whether their selected controls are implemented correctly, if the controls are doing what they say they’re doing, and even help solidify why controls are included, or excluded, from the ISMS scope. Not to mention highlight any gaps, opportunities for improvement, or areas of concern.
For those already certified, a surveillance audit (this is done by the certifying body) ensures that an organisation still complies with the standard requirements and that the implemented controls are still effective. For example your organisation has brought in a new service, what new controls do you need? Maybe you’re no longer offering a service, what controls are no longer applicable? It provides further insight into the business: how you monitor, measure, analyse and evaluate the effectiveness of processes, people, technology and procedures helps to know how effective your controls are.
Information security is a never-ending process, your ISMS needs to continually improve and adapt to the ever-changing threatlandscape. Audits will help you make informedbusinessdecisions, and to set your strategic direction.
We offer pre-certification audits of business’s compliance with the standard to clients who wish to become certified or obtain recertification. If your business is working towards certification, the internal audit will provide a foundation and understanding of a business’s ISMS posture and certification capability. Contact ISD Cyber on enquiries@ISDCyber.com for more information.