Achieve certification and boost your prospects’ trust
The goal of the CRANIUM ISO 27001 services is to establish and maintain an information security management system (ISMS) within your company, and to enable you to certify your organization against an internationally recognised standard. This will also help you to avoid security and data protection audits from your partners and gain the trust of current and future prospects more easily. Below, we describe what each of the services entails.
ISO 27001 Assessment
Take the first step towards implementing an information security management system
An ISO 27001 assessment will give you an idea of the benefits of compliance for your business and of the effort needed to pursue ISO 27001 implementation and to implement an information security management system (ISMS). If you already have an ISMS in place, an ISO 27001 assessment will tell you whether you are maintaining it effectively.
ISO 27001 is one of the proven management standards that provide structure and guidance for setting up an information security management system. Have you already invested in a security implementation track? An ISO 27001 assessment will confirm whether it is ISO 27001 compliant or help you to determine what is needed to achieve compliance.
CRANIUM assesses your security through interviews and a document review
The procedure starts with a kick-off meeting which includes an introduction to ISO 27001. Afterwards we assess your security through interviews with stakeholders and a document review. We analyze the state of your ISMS, which is vital to obtaining an overview of its performance. Our findings are gathered in an ISO 27001 Assessment Report and shared with you in a closing meeting. We also provide you with an ISO 27001 Implementation Roadmap.
ISO 27001 implementation
Enable your company to certify against an internationally recognised standard
ISO 27001 implementation supports GDPR compliance (85%) and adherence to other global standards on information governance. Apart from first defining the scope of the ISMS and the series of information security related processes and procedures defined in the ISO 27001 standard, the approach to ISO 27001 implementation can vary depending on your specific objective.
CRANIUM implements the processes to fill the gaps detected during the assessment phase
To meet the key requirements and achieve ISO 27001 certification, we collaborate with your key stakeholders to define the key actions and processes to be implemented in your organization. We do this based on your assessment, whether performed by CRANIUM or by another external organization. Depending on your priorities and resources, we provide the expertise needed to accompany your organization throughout the entire implementation phase.
ISO 27001 Internal audit
Fulfill the ‘check’ phase of the ISO Plan Do Check Act (PDCA) cycle
An ISO 27001 internal audit assesses the different controls described in the ISMS and thus allows you to complete the ‘check’ phase of the ISO Plan Do Check Act (PDCA) cycle. You can rely on CRANIUM to complete an ISO 27001 internal audit if you don’t have an in-house internal auditor or audit team and need to have an audit performed as part of your 3-year certification cycle. You might also call on this audit in the context of your information security management system if you lack the technical expertise to assess a control objective sufficiently.
CRANIUM verifies the effectiveness of the controls in your ISMS
The internal audit assesses your ISMS by means of a systematic and independent process. We first obtain audit evidence by performing a document review and examining the key elements of your policies and procedures required by the standard. We also take samples and interview auditees to verify the effectiveness of the controls and how well they are adhered to. Everything is objectively evaluated to determine which audit criteria are fulfilled, and all findings are gathered in an ISO 27001 Internal Audit Report.