ISO/IEC 27001 Certification Process
The ISO 27001 Certification Process can be intimidating. Our expertise is in getting you fully prepared for your ISO 27001 certification, but the process doesn’t end there, as we can provide support throughout the remaining steps required to be (and stay) ISO 27001 certified.
The ISO 27001 certification process can seem intimidating, but it doesn’t have to be.
Pivot Point Security’s ISO 27001 proven process has helped many organizations like yours achieve and maintain certification. As your implementation partner, success is a guaranteed reality.
What will your ISO 27001 certification process require? Here is an easy-to-read roadmap:
Determine your scope
What information do you need to protect? What processes act on that information? Answering these questions will help you understand and document the people, systems and other assets that influence your information-related risk. Interviewing “the right people” is usually the easiest way to gather the input you need.
Understand your current controls
The first step in going anywhere is to figure out where you are. What information security controls do you have in place today? To what extent are they operational? This step is just about documenting what’s currently being done; the “critiquing” step happens later. The easiest way to gather this input is to review policies, procedures, audit findings, penetration test results, etc., along with interviewing IT and information security staff.
Analyze your risk
What are the risks posed to your information assets? Which risks are managed to an acceptable level, and which are not? These questions drive your risk assessment, where you identify and analyze risk, including which risks need to be addressed by improvements to your information security program.
Build a Risk Treatment Plan
Once you know which risks you need to address, you create a Risk Treatment Plan to mitigate them to acceptable levels by improving your security controls. This plan gives you the near-term, tactical guidance you need to start managing risk more effectively.
Execute your plan
A good Risk Treatment Plan prioritizes risk treatments based on risk level, effort level and the logical relationships between different treatments. Once you have executed and operationalized your plan, you’re ready to verify the effectiveness of your controls.
Conduct an internal audit
Your internal audit will help identify what is working well, and document what isn’t.
The process for obtaining certification can be complex. Here is more information on how your ISO 27001 project can come to fruition:
Steps for Getting Certified | PPS Support (if required)
Preparation for ISO 27001 Certification |
Stage 1 ISO 27001 Certification Audit |
Stage 2 ISO 27001 Certification Audit |