The certifiable standard ISO/IEC 27001 on Information Security Management Systems (ISMS), together with the other parts of the ISO/IEC 27000 series, is a recognized worldwide reference point for information security management. ISO/IEC 27001 provides a solid model for the control and management of information security risks that is valid for all kinds of organizations. It is a management standard, just like ISO 9001 and others: it does not prescribe the technical details and policies typical of the IT world. Its scope covers not only purely IT security but also physical security, organizational security, and human resources management and education.
- gap analysis: definition of the ISMS scope, overview of current IT security policies and procedures, review of deficiencies against the ISO requirements, interviews with key personnel, and a final report on existing gaps and how to close them before ISO 27001 certification;
- implementation consulting and support;
- internal audits;
- integration of the ISMS with other compliance or management models already in place (ISO 9001, ISO 20000, COBIT, ...).