ISO27001:2005

Why Use Us?
Why ISO27001?
What's in the Standard?
Who's Using the Standard?
The Acenseo Method
Scoping
Gap Analysis
Security Improvement Programme
Developing Information Asset Registers
The Risk Assessment Report
Policies and Procedures
Statement of Applicability (SoA)
Awareness Programmes
Internal Compliance Audits

Why Use Us?

Acenseo are a premier supplier of ISO27001 consulting services. Our experienced specialists use our proven methodology to achieve success for our clients.

Acenseo offer a solution that includes risk assessment, policy and procedure writing, technical expertise, business continuity consultancy, project management and skills transfer to ensure project success.

Why ISO27001?

Information is one of your most important organisational assets, yet consistently because of poor management, this is constantly under threat. By providing a formal, structured framework, ISO27001 allows you to have increased assurances of your security practice, and provides an effective means of communicating this internally and to the outside world.

From a technical and procedural perspective it should not only help reduce the threat to the business plan from identified threats such as hacking and viruses, but should also help reduce the vulnerability of your system to these threats and the impact should these threats materialise.

Technical Improvements Include:

Justified Technical Controls
Identified points of weakness
Managed Operational Risk
Improved awareness amongst staff

ISO27001 can also add distinct commercial advantages in the demonstration that companies have deployed an 'appropriate security practice'. This not only offers significant sales advantages, but also potential advantages when considering legislation such as Data Protection and the Turnbull report (Governance on companies listed on the stock exchange).

Business Advantages Include:

Competitive advantage
Increase customer and partner confidence
Improved Business efficiency
Regulatory Compliance
Contingency Plans

What's in the Standard?

The standard effectively comes in two parts:

ISO27001:2005
This is a standard specification for an Information Security Management Systems (ISMS). An ISMS is the means by which Senior Management monitor and control their security, minimising the residual business risk and ensuring that security continues to fulfil corporate, customer and legal requirements.
ISO27002:2005
This is the Standard Code of Practice and can be regarded as a comprehensive catalogue of good security things to do. The information provided for each control is intended for guidance only

Who's Using the Standard?

Take a look at some of the thousands of organisations worldwide who are already compliant with the standard.

Bechtel Group Ltd
BT
Business Systems Group
Cable & Wireless IDC Inc
DTI
EDS
Hays Commercial Services
HM Government Communications Centre
KPMG
Mitsubishi
NHS Purchasing and Supply Agency
Nokia
NTT
Orange
Royal Mail
SchlumbergerSema
Serious Fraud Office
Siemens
Sony
The Royal Bank of Scotland
The Stationery Office
Talk Talk
T-Mobile (UK) Ltd
T-Systems
Vodafone
Yorkshire Water IT

You can see the full list here.

The UK Government requires all central government departments to be compliant with the standard, so with this in mind ISO27001 is being used by government as one of mandatory requirements during tendering. Are you tending for public sector business without ISO27001? If so you should mark yourself out as organisation that takes itself and its trading partners seriously by gaining compliance with the standard.

The Acenseo Method

Acenseo has significant experience in implementing strategies to become and demonstrate compliance with the ISO27001 Standard. We adopt a staged approach allowing clients to utilise our expertise in any of the key stages of a compliance programme, all of which are designed to introduce an Information Security Management System that follows the Plan, Do, Check, Act model introduced in ISO27002:2005. This is a de-facto methodology and ensures that the correct components are engaged, evaluated, monitored and improved on a continuous basis.

Scoping

To maximize the benefit and minimise the cost of your compliance programme it is critical that it is scoped correctly. This critical stage is often poorly approached and can lead to problems that can jeopardise the overall project success.

We will ask some fundamental questions to ensure that your programme of work is defined in such a way as to maximize business benefit.

Consider the cost/benefit of total compliance?
What are your critical business processes?
How big should the ISMS be?
What are the business objectives for the compliance programme?
What are the short, medium, long term objectives of the organisation?
How can the scope be devised to be expandable at a later stage?

Gap Analysis

The aim of the Gap Analysis is to highlight areas where there are significant gaps in the current processes or security measures implemented that are considered to be inconsistent with the requirements of the standard.

Acenseo have devised a simple system for asking the right question about the control which will identify weaknesses and begin the process of developing an improvement plan.

Our consultants have significant experience in this area and can expertly review your current practices against the requirements of the standard.

Security Improvement Programme

A direct output from the Gap Analysis will be an Action Plan to address each area of weakness identified, and provide practical advice on how to address deficiencies. For each recommendation made Acenseo will cost, prioritise and help to resource each action.

Developing Information Asset Registers

A mandatory element to any compliance programme is the creation of an Information Asset Register. This will then be a critical element used during the Risk Assessment.

Our consultants have considerable expertise in developing this mandatory document using a variety of approaches.

The Risk Assessment Report

To comply with ISO27001, organisations must conduct a risk assessment and define and implement a risk treatment plan. In line with the Standard, which does not mandate a style of risk assessment that must be used, Acenseo have experienced consultants who can develop the required documentation using a number of different tools and techniques.

See our section on Risk Management for more details.

Policies and Procedures

A requirement of any compliance programme will be the creation of documentation that will allow an organisation to demonstrate the way in which its security management system operates. These will be a mixture of Policies (why); Procedures and Guidelines (who and when); and Standards (how). What is critical is that:

Policies reflect requirements and are not created 'because they need to be'
Effective procedures should be useful, benefit the business, and where possible utilise existing mechanisms
All policies, procedures and standards should demonstrably reduce incidents
'Shelf-ware' is not created; it does not benefit anybody, and does not impress ISO27001 auditors.

Our consultants have considerable expertise in developing all of these documents to assist you through the compliance process. We also have at our disposal a number of innovative ways in which the information can be stored and disseminated to reduce overheads and increase effectiveness.

Statement of Applicability (SoA)

This is a mandatory document, describing how an organisation has interpreted and applied the Standard, referencing supporting evidence.

Acenseo has the expertise to help your organisation develop an SoA that will meet auditing requirements whilst providing you with a document that delivers real value.

Awareness Programmes

A critical, and mandatory element of any ISO27001 programme is the deployment of awareness strategies that demonstrably increase the level of awareness of information security within the organisation.

Acenseo have a pragmatic approach to the development of such programmes, utilising a variety of delivery mediums aimed at a variety of audiences from the general user to the sophisticated IT professional.

Internal Compliance Audits

Acenseo helps organisations maintain and improve their Information Security Management Systems (ISMS) by offering the following services:

Creating audit frameworks
Creating audit schedules appropriate for the compliance with the standard
Conducting internal audits

Trade up your current authentication solution to Ascend ID and receive a guaranteed buy back...

find out more

Trade up your existing switches to Juniper and receive a guaranteed buy back for the existing Cisco solution...
find out more

15th May 2012 - London, UK

19 - 20 September 2012 | London, UK

17-18 October 2012, EARLS COURT 2, LONDON, UK

Connect With Us

  Facebook Page

  Twitter Account

  YouTube Channel

  Linkedin Profile

  Blogspot

  Word Press

Services

Support & Managed

Cloud

Consultancy

Training

Risk Assessment

Vulnerability Assessment

Partners

Barracuda Networks

Becrypt

Blue Coat

Check Point

Citrix

Juniper Networks

Sophos

Vasco

Vmware

WebSense

Company

About Us

Job Oppurtunities

Compliance

Our Clients

Events

Promotions

Contact Us

Sales Team
sales@acenseo.com

Enquiries
info@acenseo.com

Support Team
support@acenseo.com

Press & Media
media@acenseo.com

© Copyright 2012 Acenseo Ltd. All Rights Reserved.Terms and Conditions