Valency Networks' ISO 27001 consulting services help organizations strategize, build, and certify a robust and effective Information Security Management System (ISMS). Our ISO-27001 consulting team brings extensive experience and deep information security domain expertise to ensure that you achieve ISO 27001 certification on time and on budget.
ISO 27001 Advisory Services Feature
ISO-27001 consulting services include:
Information Security Management System (ISMS) Strategy/Framework Selection : Determining the optimal approach to ISMS development in light of industry, regulatory compliance, and attestation requirements.
ISMS Scope Determination & Optimization : Scope determination is critical to a successful ISO-27001 certification effort. The scope needs to be broad enough to ensure that it will satisfy key stakeholders (e.g., clients, shareholders) but narrow enough to ensure the initial effort remains manageable.
Risk Assessment : Risk Assessment/Management is fundamental to an ISMS. We believe that ISO-27001 has an advantage over many other Risk Assessment standards in that it is well suited to a non-asset-based approach. This “information and the processes that act on it” approach yields a much more intuitive process that drives far greater value, in less time.
Risk Treatment Plan Development : The risk treatment plan defines the ISO-27001 controls required, including the necessary extent and rigor, to treat (mitigate) risk to a level that is deemed acceptable by management. It is a fundamental ISMS artifact and forms the basis/standard for the gap assessment.
ISMS Gap Assessment : Understanding the gap between the current and desired state of the Information Security Management System (e.g., ISO-27001) is a key input into a “Prioritized Roadmap” (Gap Remediation Plan).
Security Controls Gap Assessment : Understanding the gap between the current and desired state of the control practices is a key input into a “Prioritized Roadmap” (Gap Remediation Plan).
Prioritized Roadmap Definition : Roadmaps define the activities, approach and responsibilities necessary to address identified gaps in the time-frame required to achieve project objectives, including certification.
Gap Remediation Facilitation/Support : Ideally, gap remediation will be largely accomplished by the internal team, rather than a third party (like Valency Networks). An internally focused approach that leverages a third party for SME on demand, templates and artifact validation maximizes the development of organizational knowledge/expertise, ensures that key personnel are “stakeholders” in the resultant control environment and prevents an organization from being overly reliant on a third party to operate the ISMS post certification.
Security Metrics : Security metrics are critical to the optimal operation of an ISMS, as they are integral to demonstrating the continuous improvement principles that are inherent in most ISMSs. This service is focused on simplifying the process of measuring, reporting and hence systematically improving ISMS effectiveness, independent of the security framework being leveraged.
Policy, Standards, & Procedure (PSP) Support : PSPs form the backbone of any ISMS. Remarkably, although PSPs are the most basic elements of an ISMS, they are also one of the most complex to implement effectively. This is largely due to the comprehensive and inter-dependent nature of PSPs. Key decision points to consider before embarking on a PSP effort:
ISMS Internal Audit : Integral to the PDCA model of most ISMSs is a requirement to conduct an internal audit to determine whether the control objectives, controls, processes and procedures of its ISMS:
o Conform to the requirements of ISO-27001 and relevant legislation or regulations;
o Conform to identified information security requirements;
o Are effectively implemented and maintained; and
o Perform as expected.
Certification Audit Support : Many organizations believe that having a Valency Networks auditor on-site during one or both of the certification audit phases simplifies the process and reduces the risk that non-conformities may be cited.