falanx Cyber ISO 27001: How and why your organisation should get certified
Contents

What is ISO 27001? 3
What does it cover? 3
Why should your organisation get certified? 4
Cost-effective security management 4
Business to business relationships 4
What are the benefits of ISO 27001 accreditation? 5
How can Falanx Cyber help you get certified? 6
ISO 27001 Workshop 6
Gap analysis 7
Policy Creation 7
What is ISO 27001?

Published in 2013, ISO 27001 is the international information security management standard. It is part of the ISO/IEC 27000 series of standards and is jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

What does it cover?

The Information Security Management System (ISMS) is the fundamental concept of ISO/IEC 27001:2013. As part of the overall management system, the ISMS takes a risk-based approach to your organisation, looking to establish, implement, operate, monitor, review, maintain and improve information security.

As an organisation, you need to know what is important to you. ISO 27001 helps you achieve this by considering the security risks associated with your organisation and prioritising them so that you can implement, manage, monitor and continually improve the controls.

An ISMS helps you manage all of your security practices in one place, consistently and cost-effectively. Its processes, documents, technology and people help you manage, audit, monitor and improve your organisation's information security.
Why should your organisation get certified?

ISO 27001 is necessary for your organisation for two main reasons: cost-effective security management and business-to-business relationships.

Cost-effective security management

What is important to you as an organisation? This question will be asked of you specifically, so that the ISO 27001 controls can be implemented to protect what is important. This allows your organisation to focus its resources, which is in itself an effective cost-saving exercise.

Business to business relationships

Having ISO 27001 in place demonstrates maturity and development to service providers, and many Invitations to Tender (ITTs) and Requests for Proposals (RFPs) specifically request it. It also shows that, as an organisation, you have implemented security controls and had them independently assessed by a third party.
What are the benefits of ISO 27001 accreditation?

Having ISO 27001 in place demonstrates to your existing and potential customers that best-practice security processes are at the forefront of your organisation. Being ISO 27001 accredited gives your organisation the opportunity to:

Improve organisational structure and focus
The standard helps organisations become more productive, clear and assertive by setting out responsibilities for information risk.

Avoid financial penalties and losses associated with data breaches
ISO 27001 enables organisations to avoid both costly penalties and financial losses, as well as the crisis and reputation management that may follow a breach.

Protect and enhance your reputation
Implementing ISO 27001 protects your organisation against the threat of cyber-attacks and validates you as an organisation that has taken the necessary steps to protect its assets and data.

Win new business and retain existing customers
Being ISO 27001 certified gives you a proven marketing edge and shows good security practice as an organisation. It improves working relationships and helps retain existing clients.
Compliance with business, legal, contractual and regulatory requirements
ISO 27001 ensures that the security controls protecting your information are in line with increasingly strict regulatory requirements such as the GDPR, the NIS Directive and other cyber security laws.

Obtain an independent opinion on your security position as an organisation
To achieve certification, your organisation will undertake regular reviews and internal audits of the ISMS to ensure continual improvement and to check that controls are working as intended.

How can Falanx Cyber help you get certified?

ISO 27001 Workshop

Your organisation can be supported by Falanx Cyber's ISO 27001 management briefing. This consultancy engagement includes a presentation to senior management with the objective of educating them on the following areas:

What is ISO 27001?
What are the benefits of certification?
How do we achieve ISO 27001 certification?

This activity helps secure senior management's commitment to allocate resources to an ISO 27001 compliance programme and to initiate a certification project.
Gap analysis

A gap analysis is a broad technical review that helps organisations learn about ISO 27001, understand its compliance requirements and establish their current compliance status.

Falanx Cyber will deliver a high-level on-site presentation designed for management, senior management and C-level executives. The presentation explains what the standard is, what their obligations are and how organisations typically move forward to achieve compliance.

Falanx Cyber will then discuss business processes, technical controls and infrastructure with key stakeholders and technical staff to identify the ISO 27001 controls applicable to achieving compliance. The consultant will engage with key stakeholders to identify the implementation status of each control from a maturity-based perspective. Where required, the consultant will provide information on the intent of individual controls and remediation advice.

The consultant will then produce a bespoke report to support and articulate the on-site findings, detailing the current compliance status and defining a roadmap to achieve compliance.

Policy creation

We work in partnership with our clients to determine where their current documentation falls short, and to write or rewrite any relevant policies as necessary. At Falanx Cyber, we work with organisations to understand which policies are required for their working practices. Our team has experience of ISO 27001, ISO 20000, ISO 9001, PCI, IASME and other general approaches to defining good governance frameworks.
Need to find out more about ISO 27001 and how Falanx Cyber can help you gain accreditation? Get in touch at info@falanx.com or call +44 (0) 20 7856 9450.

Part of the Falanx group: Falanx Cyber, Falanx Technologies. www.falanx.com