What is ISO 27001?
Though there are more than a dozen standards in the ISO/IEC 27000 family, ISO/IEC 27001 is the best known because it specifies the requirements for an Information Security Management System (ISMS). An ISMS lets any organization systematically protect assets such as financial information, intellectual property, employee data, and information entrusted to it by third parties. ISO 27001 focuses on three main areas:
Only authorized users have access to the data.
Only permitted individuals have the capacity to edit the information.
The information must be available to authorized personnel at all times.
How It Works
Insight Assurance specializes in assessing organizations looking for ISO/IEC 27001:2013 certifications (ISO 27001).
1. Readiness Assessment
Our readiness assessment services simulate a certification audit by reviewing your company’s policies, procedures and processes. The goal of this assessment is to identify gaps in your control environment before you pursue ISO/IEC 27001 certification.
2. Stage 1 Audit
The stage 1 audit reviews the company’s documentation to confirm its alignment with the ISO/IEC 27001 standard. In addition, our certified experts assess other areas and activities before moving to the stage 2 audit.
3. Stage 2 Audit
The stage 2 audit includes a detailed review of the documentation, evidence that the controls are operating, interviews with key personnel, and process observation. After stage 2, we are able to either recommend certification or identify non-conformities that require follow-up procedures.
4. Surveillance Audit
To maintain your certification, we perform annual surveillance audits to assess your continued conformity with the ISO/IEC 27001 standard. This process includes testing a sample of the controls in place and gathering evidence of the internal controls operating at the company.