ISO 27001 is an information security framework that was published by the International Organization for Standardization (ISO). ISO 27001 formally specifies an Information Security Management System (ISMS), which is a management framework through which the organization identifies, analyzes and addresses its information risks. ISO 27001 includes 14 control groups that consist of 35 control objectives and 114 distinct controls. The 14 control groups and number of controls in each group are as follows:
The certification process is divided into two stages: The “Stage 1 Audit” and the “Stage 2 Audit”. The “Stage 1 Audit” consists of documentation review. During Stage 1, the ISO 27001 assessor reviews policies and procedures to ensure that appropriate policies and procedures are in place to meet requirements of the ISMS. The “Stage 2 Audit” consists of the ISO 27001 auditor performing tests of effectiveness to ensure that controls have been implemented to meet the requirements of the ISMS.
In addition to the Stage 1 and Stage 2 audits, the following must be performed in order to become ISO 27001 certified:
Many organizations have trouble meeting the internal audit requirement do to the following reasons:
To combat these issues, organizations are outsourcing the internal audit requirement to CPA firms, such as Schneider Downs, that possess the appropriate knowledge of internal audit and ISO 27001.
We begin our assessment by working closely with you to understand your business processes in order to understand your ISO 27001 compliance scope. We will work with and interview key individuals within the business and information technology services responsible for implementing the ISO 270001 controls to understand information security policies, procedures, and practices. We will evaluate your compliance with all control requirements through review of documentation supporting the operating effectiveness of controls. When our evaluation is complete, we will provide your organization with a detailed ISO 27001 compliance assessment report outlining corrective action plans with a detailed roadmap for achieving ISO 27001 compliance.
Artificial Intelligence in Higher Educationread more >
Why Higher Education Institutions Must Comply with GDPRread more >
Minimizing Higher Ed Risks - Utilizing Internal Audit and Data Analyticsread more >
Data Analytics | Pittsburgh Technology Servicesread more >
Enterprise Risk Management in Higher Education, and How Internal Audit Can Helpread more >