ISO 27001

Like death and taxes, compliance is unavoidable. Certain industries are heavily regulated, such as those in the Finance or Utility sectors, and all organizations are statutorily regulated. Various Acts have been introduced to ensure that personal data is secure, that systems are protected from attack, and that recourse is available for those adversely affected by the failure of an organization to introduce adequate countermeasures.

The whole area is confusing and it is unfortunate that we find this confusion preventing organizations from complying. Our professional services team have extensive experience in the interpretation and execution of compliance requirements having undertaken practical implementations across many industry sectors.

ISO 27001 Overview

This is the international Code of Practice for information security management and offers a means by which certification against the standard can be achieved. Organizations certified to ISO27001 have demonstrated that their ISMS is of a level currently considered globally to represent best practice. Other organizations are utilizing the Code of Practice in their compliance programs to satisfy their internal requirements to achieve best practice.

The route to certification comprises a number of stages, typically;

• Identification of Scope
• Gap Analysis
• Risk Assessment
• Security Improvement Plan
• Statement of Applicability
• Training and Awareness
• Mock Assessment

Dell SecureWorks has undertaken a large number of compliance and certification projects and is able to assist organizations in the pursuit of certification in a simple and effective manner.