ISO 27001/27002 Readiness & Remediation


ISO/IEC 27001 is the internationally recognized standard for information security management. It specifies the requirements for an Information Security Management System (ISMS) and is the standard an organization is certified against; its Annex A lists the control objectives and controls (more than 130 in the 2005 edition) that a certification auditor expects to see addressed. ISO/IEC 27002 is the companion code of practice: it provides the implementation guidance and principles for selecting, implementing, maintaining and improving those controls within an ISMS.

The twelve sections of ISO 27002 (2005 edition) are:

  • Risk Assessment
  • Security Policy
  • Organization of Information Security
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisition, Development, Maintenance
  • Information Security Incident management
  • Business Continuity
  • Compliance

Within each section there are control objectives and controls that are recommended for implementation. Not every control objective or control will apply to your organization. Control selection should be driven by the formal risk assessment, and any control you exclude must be justified and recorded in the Statement of Applicability, since a certification auditor will test both the exclusions and the justifications during an ISO 27001 audit.

The Rubicon Advisory Group can help your organization prepare for an ISO 27001 certification audit by conducting a formal risk assessment of your current IT environment, designing and implementing ISO 27002 controls for your ISMS, performing a gap analysis against the standard, and carrying out internal remediation either before the certification audit or after an accredited registrar has completed it.