What is the ISO 27001 Assessment?
If you are about to enter the ISO 27001 certification process, it is important to be well-prepared. The ISO 27001 Assessment brings to light which controls within the ISO 27001 standard in your organisation still require attention. You’ll know the state of your information security and what to do to strengthen vulnerabilities. We check everything according to the guidelines of the ISO standard. Additionally, this document will give you a clear view of the situation regarding your organisation’s information security and which steps to take to increase the level of your information security.
Why an ISO 27001 Assessment?
If your organisation wants to certify for ISO 27001, you will need to make preparations. The current situation must be mapped against the requirements in the ISO norm. During this process, all risks are brought to light in order to determine the desired situation and how to reach it. This process can take up a lot of time, because the entire organisation must be investigated and the results compared to the ISO norm. By outsourcing this to professionals with the appropriate knowledge, your organisation can instead focus on what it does well. With the ISO 27001 Assessment, you are ideally prepared for the ISO 27001 certification journey.
Our ISO 27001 Assessment:
• Prepares you for the ISO 27001 audit
• Can be done before the mandatory internal audit and meets the audit requirements
• Creates awareness of the ISO 27001 certifying process. What is it? What is required? What is your status?
• Provides insight into the status of your information security and what to do to strengthen vulnerabilities. We check everything according to the guidelines of the ISO standard. We make sure that you know what your organisation needs.
• Offers help to set up certain documents: what they should contain, what they are for, who should draw them up, etc.
Ideal for organisations that want to become ISO 27001 certified
With this assessment we prepare and advise you for the ISO 27001 certifying process. Our ISO assessment is also applicable to the internal audit that must be carried out at least annually.
Insight into the status of your information security
Direct insight into the vulnerabilities and risks within your network.
Score overview per control according to the ISO standard
Direct insight into which controls of the ISO standard require improvements and where you already score highly.
Personal visit on location
We will pay a visit on location to discuss the current situation with the stakeholders.
The report will not use professional jargon. The information about the status of your information security is presented in understandable language.
The assessment offers an ideal starting point for making the correct decisions about your company's security. With the help of a roadmap, you will gain insight into which measures should have priority.
Identification, Protection, Detection, Reaction, and Restore
The controls of the ISO standard are divided into categories based on the NIST framework (National Institute of Standards and Technology). This framework describes the guidelines in the area of cybersecurity, so businesses can act better to prevent, detect, and react to incidents. The five domains are: identification, protection, detection, reaction, and restore. This makes it clear which control belongs to, for example, reaction during an incident, or the timely detection of information security incidents. The score is calculated based on these five categories of the NIST framework. We use icons to show the score (see accompanying example). This way, it is clear which part within the ISO norm in your organisation requires improvement.
You will receive a clear risk analysis based on the risks that were found during the ISO 27001 Assessment. This analysis helps you to decide in which area you can take (financial) measures to decrease the risks. You can also use this to prioritise.
The ISO 27001 Assessment journey
1 - Preliminary discussion
During the preliminary discussion with our security specialist (online or on location), we will discuss what your goal is with our assessment. We will discuss your organisation’s activities to create a personally tailored assessment. During this discussion, we will let you know which documents we require and which employees we will interview. Finally, we will plan the interviews with you.
2 - Interviews
Your employees will be interviewed by our security specialists remotely or on location. The questions are based entirely on the requirements set out in the ISO 27001 norm. This will take 1 day. Some employees will be interviewed separately, while others will be interviewed in group sessions. We chose this combination because experience has shown that it leads to the most reliable results. During the interview, we keep records, which are assessed and reported on later.
3 - Document review
Based on the answers given during the interviews, the requested documents will be checked and assessed. Additional findings from this review will be included in the final report.
4 - Reporting
After the specialist has paid you a visit on location, a report will be created based on the results. In this report, all ISO 27001 controls are covered and given a score. For every control where a vulnerability or risk has been identified, we provide advice. In the report, you will find a measure register and a roadmap indicating which measures we consider most important. The report will be encrypted and sent to you securely.
5 - Debriefing
After sending the report, our account manager will contact you to plan a debriefing. During this meeting, a presentation will be given that allows for any additional questions about the ISO 27001 assessment. This meeting can be held either remotely or on location.
Reporting & Roadmap
All our findings, including the accompanying advice, will be presented in an extensive report. We will give an average score per ISO part, based on the findings during our research.
Additionally, scores are given to every ISO control, so it is clear to you where you score highly and where you score poorly. The report is written in understandable language, so you will not have to hunt for the solution in dense professional language.
In the report you will also receive a roadmap that guides you as to which measures should have priority and which are less important. The goal is that you start by working on the biggest risks.
Finally, in combination with the debriefing, we can give an optional presentation, based on the report. In this presentation we will make a top 10 of the biggest vulnerabilities, for which we provide advice and roadmaps. It is possible to ask questions during this presentation.
Cost: 4500 excl. VAT
Request an ISO 27001 Assessment
Networking4all is an experienced professional in the area of security consultancy. We would be happy to discuss with you the possibilities of an ISO 27001 Assessment for your specific situation.
Contact us without obligation via +31 (0)20 7881030 / firstname.lastname@example.org