ISO 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
Strategy/Framework Selection – We'll help you determine the optimal approach to ISMS development in light of your industry, ISO 27001:2013 compliance, and attestation requirements. What is the right approach, and how do you begin an ISO 27001 effort?
ISMS Scope Determination & Optimization – We can quickly help you determine the scope of your successful ISO 27001 certification effort. The scope will be broad enough to ensure key stakeholders are satisfied, but narrow enough to ensure the initial effort remains manageable.
Together, we'll perform your initial Risk Assessment – This is critical to understanding your current state of readiness. It also helps your internal team members become acquainted with the ISO 27001:2013 standard.
Gap Assessment – Understanding the gap between the current and desired state of the ISO 27001 Information Security Management System is a key input into our Gap Remediation Plan.
Security Controls Gap Assessment – Understanding the gap between the current and desired state of the control practices is a key input into our Gap Remediation Plan.
Gap Remediation Plan – This roadmap defines the activities, approach and responsibilities necessary to address identified gaps within the timeframe required to reach audit readiness, including certification.
Gap Remediation Facilitation/Support – Ideally, gap remediation will be largely accomplished by the internal team, rather than a third party (like The Lackland Corporation). We'll support the internal team while leveraging our SMEs, our templates, organizational knowledge and expertise.
Security Metrics – The Lackland Corporation will help develop security metrics that reflect the operation of the ISMS. We focus on simplifying the process of measuring, reporting and improving ISMS effectiveness.
Policy, Standards, & Procedure (PSP) Support – The documentation is important. We can help draft candidate policies and standards.
ISO 27001:2013 Internal Audit – We'll conduct an internal audit to determine whether the control objectives, controls, processes and procedures:
- Conform to the requirements of ISO 27001 and relevant legislation or regulations;
- Conform to identified information security requirements;
- Are effectively implemented and maintained; and
- Perform as expected.
ISO 27001:2013 Certification Audit Support – Most organizations believe that having a Lackland Corporation representative on-site during one or both of the certification audit phases simplifies the process and reduces the risk that non-conformities may be cited.
We can join your Risk Management Team to provide ongoing support – Many organizations favor the inclusion of an independent and objective third party with cross-organizational/industry expertise to optimize the operation of the Risk Management Committee.