Why ISO 27001?
Completing an ISO 27001 Certification Audit and becoming certified benefits your organization by:
Differentiating your organization from its competitors by providing independent verification that your information security management system has met the requirements of this globally recognized information security standard.
Reducing costs on additional compliance efforts. Common processes, procedures and controls implemented as part of ISO 27001 conformance can be leveraged for other compliance efforts such as PCI, HIPAA, and Sarbanes-Oxley.
ISO Gap Analysis
Coalfire ISO can provide an early-stage gap analysis to determine which pieces of your ISMS are in place and which are missing before you move forward to an informal pre-assessment or to the formal certification audit. The gap analysis is ideal for entities that are in the process of finalizing their ISMS.
ISO 27001 Pre-Assessment
Coalfire ISO can provide a review of your ISMS and its operation, essentially as a rehearsal for the future audit. As part of this work, Coalfire will do a document review and interview employees. The pre-assessment's objective is to determine the degree of conformance of your system to the ISO 27001 standard and provide a green light to go for the certification audit, or maybe a yellow light if some fine tuning is necessary.
With an ISO 27001 pre-assessment, your organization will receive a formal report of any findings and remediation requirements to bring your ISMS into conformance with the ISO 27001 Standard. The pre-assessment report will bring to light non-conformities, allowing the organization enough time to address those prior to starting the formal certification audit.
ISO 27001 Certification
This is the formal assessment of your ISMS against the ISO 27001 standard, leading to certification. Stage 1 of the audit assesses your documentation and other information to ensure that you have all the pieces in place in readiness for the Stage 2 Audit. The Stage 2 Audit is focused on practical, 'walking the walk' criteria rather than just 'talking the talk' results, usually onsite at client locations. The certification audit can commence once the client ISMS is fully operational.
Formal reports are provided at the end of both the Stage 1 and Stage 2 audits, with the certification recommendation being made on the last day of the Stage 2 onsite.
Coalfire ISO, Inc.
Coalfire provides ISO pre-assessment and certification through its wholly-owned subsidiary Coalfire ISO, Inc.