ISO 27001 consultants are usually invaluable in helping your organisation adhere to ISO 27001, the information security management standard. The international standard ISO 27001, also known as ISO/IEC 27001, covers an organisation’s Information Security Management System (ISMS). It is framed in very general terms so that it can cover every type and size of organisation. However, this lack of specificity can also be a hurdle when applying the standard to a particular situation. This is where ISO 27001 consultants can remove a substantial amount of the burden of interpreting and applying this comparatively new standard.
Published in 2005, the ISO 27001 standard is part of the ISO/IEC 27000 family of standards relating to information security. For example, ISO 27002 contains the code of practice for information security management, and can readily be used together with ISO 27001 when setting up an ISMS. Since these are formal published standards, it is also possible for an organisation to be certified as compliant with them. To achieve this, a company should turn to the expertise of ISO 27001 consultants.
There are two possible roles for consultants: either they can advise the organisation on the changes to implement in order to comply with the standard, or they can act as auditors to carry out the certification itself. The two roles are mutually exclusive, as an ISO 27001 consultant cannot subsequently certify an organisation that he or she has previously advised.
The published standard gives comparatively little detail. It is therefore important that ISO 27001 consultants have significant business experience, ideally in a senior information security role, together with a very wide breadth of experience across a number of different companies. This gives them the insight needed to apply the general clauses of the ISO 27001 standard to the specific situation of the organisation in question.
When selecting ISO 27001 consultants, there are certain questions that can usefully be asked, as follows:
What qualifications does the consultant have? Relevant certifications are: CISSP (awarded by ISC2), CISM (awarded by ISACA) and the new CGEIT (also from ISACA).
How much experience does the consultancy as a whole have with ISO 27001 or similar standards? The ISO 27001 standard is very similar to part 2 of the old British Standard BS 7799, published in 2002. A firm of ISO 27001 consultants should be able to demonstrate extensive knowledge of these standards, as well as of ISO 27002 (formerly ISO 17799).
What references can be obtained from previous customers for this type of service? If a consultancy cannot supply references, then it is probably safest to avoid them.
If a company is engaging ISO 27001 consultants to advise on a path towards certification, it is fair to ask them what proportion of the firms they have advised in the past were successful in achieving certification against ISO 27001. If the proportion is very low, then it is better to choose a competing tender, even at a substantial cost penalty, since making a second attempt at certification is likely to be expensive in terms of both fees and staff time.