Everyone looking to be ISO 27001 certified is searching for an “ISO 27001 Checklist”.

Ignoring what everyone wants is a bad idea but ignoring the advice of our expert consultants is a bad idea as well…

We offer you a list of questions that will help frame your mind around how your organization is currently positioned if you were to be considered for ISO 27001 certification.

These questions are meant ONLY to help frame the ISO standard around your organization but provide wee … limited… little… scant value in telling you how close you are to certification.

Whether you work with us or not, we believe knowing you’re secure and proving you’re compliant is important for all organizations.

Context – Do you know what needs to be protected?

Have you documented:

  1. All external and internal issues that affect your ISMS?
  2. Information security stakeholders and their information security requirements?
  3. Dependencies on other organizations that must be considered when determining what needs to be protected and where?

Leadership – Do you know management’s vision?

Can you provide evidence of leadership’s vision for:

  1. What information & how information should be protected?
  2. How roles, responsibilities & authorities required for information security will be established?
  3. How the vision will be made available, communicated, maintained and understood by all parties?

Planning – Do you have a plan to fulfill the vision?

Have you conducted a comprehensive risk assessment that analyzed risk and determined probability of potential impacts to achieving objectives & management’s vision?

Support – Do you have the support the plan needs to be successful?

Can you demonstrate you have the following pieces to support your plan: resources, competencies, awareness, document management process, ability to communicate the plan internally & externally?

Operation – Have you executed your plan?

Can you prove your plan has been executed, per the plan? Have you:

  1. Carried out operational planning and control processes?
  2. Confirmed information security risk assessments were conducted as planned?
  3. Confirmed information security risk treatment plans were documented and implemented?

Performance Evaluation – Is your plan successful?

Have you demonstrated:

  1. A process for management review of the ISMS?
  2. Have you conducted internal audits to determine the information security management process complies with your organization’s requirements?
  3. The ability to track security metrics?

Improvement – Are you making corrective actions and continual improvements?

  1. Do you have corrective action plans?
  2. Are you reacting to nonconformities identifying their root causes and implementing corrective actions to ensure a consistent, improvable, effective & repeatable ISMS is in place?

Need to fill gaps to achieve ISO 27001 certification…

Simplified ISO 27001 Certification + Continued Management all for a Fixed Monthly Fee.

  • Reach compliance at your own pace – Dedicated ISO 27001 expertise to ensure you have the answers, guided documentation and extended team members you need when you need them.

  • Stay on target – We host regularly status/coordination/working meetings between your project team and our ISO 27001 experts dedicated to your project.

  • Save time and money – Leveraging our expertise, proven processes and artifacts simplifies the process of achieving certification.

  • Ensure you meet ISO 27001 requirements – We ensure your success by validating all artifacts to guarantee they fully conform with the standard.

  • Ensure 27001 is Operationalized (not just implemented) – We help build the ISMS committee and chair committee meetings.

  • Ensure you are ready for your certification audit – We conduct your ISMS Internal Audit (including Corrective Action Plans & Management Review).

  • Support You Through the Audit – We can provide on-site support to ensure your certification audit goes off without a hitch. We have a 100% success rate bringing clients to ISO 27001 certification.

  • Support You Post Certification – We provide the ongoing operational support to ensure that you successfully maintain your certification year after year.

These Posts may also interest you :

ISO 27001 ISMS Consultancy

The ISO 27001 Online Consultancy Service will have you ready for accredited certification to ISO 27001:2013 in just a few months.

You will be able to implement an ISMS (information security management system) and develop documentation that is suitably scaled to the size of your organisation.

Learn More

Managed Services

Outsource the management and maintenance of your ISMS to the experts.

Benefit from the reliable advice and practical experience of an ISMS specialist to manage, maintain, audit and continually improve your ISMS in line with the requirements of ISO 27001:2013.

Learn More

Ready to talk?

Let’s Talk