Ready to find out what kind of shape your information security is in? intiGrow will help you answer this with a two-day, no-charge assessment. Take a look at the service details below. If it seems like something that will help you, give us a try!
Scope of Work
We will conduct a review of the following at your location, and/or off-site, against the control requirements specified by the international standard ISO 27001:
- Information Security Management System and its functioning including the necessary documentation.
- Existence of Information Security Policies & Procedures
- Quick review of the various information security controls implemented
- Awareness of information security amongst your organization’s staff members
Approach and Methodology
Our consultants will employ our proven and tested methodology of conducting audits. Our approach has been fine-tuned over years of experience in conducting information security audits with varying scope and purposes. We have developed our approach based on international standards and best practices like the ISO 27007, ISO 27008, NIST 53, FISMA, and ISACA IS Auditing Standards and Guidelines.
To address the scope of the proposed audit, our consultants will review the implementation of the following controls in two phases.
In Phase 1, the mandatory clauses, namely Clauses 4, 5, 6, 7 & 8, will be assessed. As these are the mandatory clauses, non-compliance with them is considered a Major Non-Conformity. For organizations that have not implemented the standard, such non-compliance points to the organization's information security posture being weak and vulnerable.
In Phase 2, the implementation of the 133 normative controls under the 11 Domains of the standard will be assessed.
The assessment will be conducted by interviewing the process owners. We will test the implementation of security controls by verifying the evidence, records, and documents being maintained.
Deliverables & Timelines
intiGrow deliverables at the end of this engagement will comprise:
- Report highlighting the compliance against the controls of the standard.
- The report shall describe the observations/findings with a risk rating for each finding/vulnerability.
- Overall compliance status with ISO 27001.
Estimated timelines for the proposed scope of work:
- The timeline for conducting the assessment shall be two business days.
- The report shall be submitted within three business days after the audit has been completed.