ISO 27001 Readiness
ISO 27001 (formerly BS 7799) is the internationally recognized standard for information security management. It provides a framework for identifying and managing the risks to an organization's information and communication technology assets and to the business that depends on them.
A formal Readiness Assessment is not a requirement for certification to the ISO/IEC 27001 standard, but it can help your organization prepare for initial certification.
The purpose of the assessment is to save the organization time and money by identifying deficiencies in its Information Security Management System (ISMS) before it seeks certification to ISO/IEC 27001; gaps found by a certification auditor cost more to close than gaps found beforehand.
What are the ISO 27001 standards?
Before embarking on an ISO 27001 certification attempt, all key stakeholders within an organization should become familiar with how the standard is arranged and used. ISO 27001 (2013 edition) is broken into 12 separate sections: an introduction, ten numbered clauses, and an annex. Clauses 4 to 10 contain the mandatory requirements that an auditor assesses; the earlier sections are explanatory.
Introduction
describes what information security is and why an organization should manage its information security risks.
Scope
covers the high-level requirements for establishing, implementing, maintaining and continually improving an ISMS, and states that they apply to all types of organizations regardless of size or sector.
Normative References
explains the relationship between the ISO/IEC 27000 and ISO/IEC 27001 standards; 27000 supplies the vocabulary on which 27001 depends.
Terms and Definitions
covers the terminology used within the standard, by reference to ISO/IEC 27000.
Context of the Organization
explains which internal and external issues and which interested parties (stakeholders) must be understood when creating and maintaining the ISMS, and how the scope of the ISMS is determined.
Leadership
describes how top management must demonstrate commitment to the ISMS, establish the information security policy, and assign roles and responsibilities.
Planning
covers how risk assessment and risk treatment should be planned across the organization and how information security objectives are set.
Support
describes the resources, competence, awareness, communication and documented information needed to run the ISMS, including how responsibilities are assigned and awareness is raised.
Operation
covers how the risk assessment and risk treatment plans are actually carried out and how documented information is kept as evidence to meet audit requirements.
Performance Evaluation
provides requirements for monitoring and measuring the performance of the ISMS, including internal audits and management review.
Improvement
explains how nonconformities are handled through corrective action and how the ISMS is continually improved, especially following audits.
Reference Control Objectives and Controls (Annex A)
provides an annex listing the reference control objectives and controls (114 controls grouped into 14 domains in the 2013 edition). An organization must compare its risk treatment plan against this list and justify, in its Statement of Applicability, which controls are included and which are excluded; the auditor checks that justification, not a fixed checklist.