2. What is ISO 27001 and how can you assist our organization regarding ISO compliance, specifically with providing consulting and information security policies and procedures?
A common question we receive at Flat Iron Technologies, LLC is “What is ISO 27001?” In summary, it's a management standard that has undergone notable revisions within recent years, due in large part to the major standard-setting bodies, such as ISO and IEC, who have ultimately adopted and put forth the ISO 27001 framework. Specifically, ISO 27001:2013 (ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements) defines requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented "Information Security Management System" (ISMS) within organizations. It's a fairly detailed standard that advocates the Plan, Do, Check, Act (PDCA) process for an ISMS. The actual ISO 27001 standard is titled "Information technology - Security techniques - Information security management systems - Requirements" and is available for purchase through any number of entities, such as the BSi (bsigroup.com).
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet, containing over 2,850 pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
Providers of ISO 27001 Pre-certification Services
Many organizations around the world ultimately obtain certification against ISO 27001, which can be accomplished through any of the licensed, qualified certification bodies. While Flat Iron Technologies, LLC is not a certification body, we do specialize in what are without question the most demanding and time-consuming activities for obtaining ISO 27001 certification: all the necessary "pre-certification" work that has to be done. That includes working with organizations to understand, develop, and implement the ISMS framework; developing policies, procedures, and other supporting documentation as required by ISO 27001; and producing other notable deliverables. In short, there's much work to be done before an organization can even think of calling in a certification body for ISO 27001.
Well-skilled Consultants for Helping you Become ISO 27001 Compliant
We have vast experience in getting organizations ISO 27001 "ready", along with an extensive list of references for certification bodies that can give you the final seal of approval. Don't forget that ISO 27002, which is officially a "code of practice" within the ISO 27000 series family, is a critical component for implementing an ISMS framework, so spend some time learning about ISO 27002:2013, which is officially titled "Information Technology - Security Techniques - Code of practice for information security controls." ISO 27002 is also available for purchase from any number of entities. You can learn more about our ISO 27001 services and the ISO 27001 framework from.
Our Documentation is Excellent for ISO 27001 Compliance
Additionally, our GISCP set of policies, procedures, forms, checklists, templates, and provisioning and hardening documents is essential material in helping organizations implement an ISMS framework. Remember that policies and procedures are a notable aspect of ISO 27001.