ISO 27001 Consulting in NY

What is ISO27001?

ISO27001 is an Information Security Management Systems (ISMS) standard promulgated by the International Organization for Standardization (ISO). It is a formal specification for an ISMS in that it mandates a particular set of controls that need to be in place. Therefore, organizations that claim to have adopted ISO27001 can be formally audited and certified compliant with the standard. It is this ability to certify the operation of an ISMS that makes the standard unique and makes it ideal for use as a form of independent attestation to the design and operation of an Information Security program.

ISO27001 certification requires that management:

  • Systematically examines the organization’s information security risks, taking account of the threats, vulnerabilities and impacts;
  • Designs and implements a coherent and comprehensive suite of information security controls (defined by ISO27002, formerly ISO 17799) and/or other forms of risk treatment to address unacceptable risks; and
  • Adopts an overarching management process to ensure that the information security controls meet the organization’s information security needs on an ongoing basis.

ISO27001 Benefits

Another benefit of ISO27001 is that an organization adhering to the standard can simultaneously fulfill other compliance requirements, including HIPAA, PCI, Sarbanes-Oxley, and Identity Theft / Personally Identifiable Information regulations, with minimal additional effort.