ISS Services

ISO 17799 / ISO 27001 (BS 7799)

  • Independent compliance audits to ISO 17799:2005 / ISO 27001:2005 (Gap Analysis)
  • Implementation of an Information Security Management System (ISMS) to ISO 17799 / ISO 27001
  • ISO 17799 / ISO 27001 training

From Gap Analysis to Implementation

Now accepted as international best practice, ISO 17799 / ISO 27001 continues to be the de facto standard for organisations to demonstrate that they take information security seriously and that they are an organisation a customer can trust. Whether an organisation is seeking compliance with the standard or full certification, ISS can help it reach its goal and provide objective guidance and advice based upon our extensive working knowledge. ISS is one of the few organisations recognised by the British Standards Institute (BSi) as an approved ‘Implementation Partner’, a fact of which we are justifiably proud.

ISS offers a full range of services based upon ISO 17799 / ISO 27001, from initial assessment of an organisation’s existing Information Security Management System (ISMS), often referred to as a Gap Analysis, to full ISO 17799 / ISO 27001 implementation programmes.

A Gap Analysis is a crucial stage in the ISO 17799 / ISO 27001 process, whether seeking full certification or compliance. Before you can start on a programme of improvements, you need to know your business, the key business processes and the importance of the information you hold. A Gap Analysis will highlight areas where there are significant gaps in the security management process, or in the security measures implemented, and allow an organisation to establish the foundation for a Security Improvement Programme to bring it to a stage of compliance with ISO 17799 / ISO 27001. The ISS approach to a Gap Analysis is to interview key management and technical personnel within an organisation over a defined period to establish the current state of ISO 17799 / ISO 27001 compliance.

The Review

Our review will consist of:

  • Defining the business requirement for security (to understand the scope, management commitment and business drivers for implementing ISO 17799 / ISO 27001)
  • Conducting a high level review of existing security documentation (to establish the current policy and procedures in place and to establish the accuracy and completeness of the documentation)
  • Interviews of key staff (to understand the actual security practices in place)
  • The Gap Analysis activity (where the findings of the previous exercises are compared with the control requirements of ISO 17799 / ISO 27001)
  • The preparation of a report (listing the findings and recommendations based upon the Gap Analysis activity, including a list of prioritised key recommendations)
  • Development of a Statement of Applicability (if required, detailing how each specific control is implemented. This document is a mandatory requirement for ISO 17799 / ISO 27001 compliance)

© Copyright 2005, InfoSec Solutions Ltd