ISO/IEC 27001

What atsec offers
atsec has extensive experience with ISO/IEC 27001. atsec’s qualified consultants offer these services related to establishing and operating an ISMS:

  • Readiness assessment to help you understand the state of your ISMS before starting the full certification process according to the ISO/IEC 27001 standard.
  • Consulting services to help you develop and implement a comprehensive, business-oriented information security solution qualified for ISO/IEC 27001 certification. This includes risk management consulting to define appropriate methodologies and perform risk assessment.
  • Education and training for your staff to optimize your ISO/IEC 27001 certification efforts.
  • Internal audits performed on your behalf by atsec.
  • Consulting on electronic signature compliance.

Note that atsec is not a Certification Body and does not perform the formal certification audits.

Why our services are important to you
ISO/IEC 27001 and its related code of practice, ISO/IEC 27002, provide internationally accepted, standardized criteria for implementing an effective information security management system. The basis for this standard is that information is an organization’s most valuable asset, and as such, information must be managed and protected from internal and external threats. To protect its information assets, an organization must develop sustainable security measures and integrate those measures into its business processes. ISO/IEC 27001 and ISO/IEC 27002 provide strategic and tactical direction for assessing, measuring, and preventing threats, and propose a range of security controls focused on safeguarding information assets.

ISO/IEC 27002 Controls Audit/Assessment Support

What atsec offers
Our qualified consultants have a range of technical expertise covering the ISO/IEC 27002 control list:

  • General requirements
  • Security Policy
  • Organization of Information Security
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communication and Operations Management
  • Access Control
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

Customers often choose to complement the assessment of their security controls with a firewall audit, enhanced vulnerability analysis, or penetration testing.

Why our services are important to you
Many companies use ISO/IEC 27001/27002 as a basis for internal audits of information security controls. This key standard has been utilized in response to requirements for ISO/IEC 27001, FISMA, HIPAA, Sarbanes-Oxley, Payment Card Industry, and a whole host of other audit requirements.
It is difficult for companies to find experienced and qualified in-house personnel who can cover every control in the list. Using atsec’s security consultants provides you with an independent, third-party analysis of your deployment of these industry best-practice controls.