ISO 27001 Assessment and Certification

ISO 27001 specifies requirements for managing an organization’s information security program. These requirements include the establishment, implementation, monitoring, review, maintenance, and improvement of the information security control structure. This allows an organization to evaluate its security risks in a systematic and predictive manner.

LBMC Information Security’s proprietary approach to ISO 27001 assessments will provide a comprehensive picture of the IT risks facing your organization, including matrices detailing the likelihood of a risk occurring, the impact to the organization if a particular risk is realized, and a list of controls that have been implemented to address each risk.

ISO 27001 Readiness Assessment

LBMC Information Security will work with our clients to help prepare them for ISO 27001 Certification. To do this, we will first conduct a workshop-style session, which includes limited technical testing, to identify and validate the technical boundaries of the Information Security Management System (ISMS). Next, we will review relevant documentation and conduct interviews of key personnel who perform, administer, or oversee IT security and privacy functions for the ISMS. Finally, we take all the information gathered during these steps and compare the results to the controls specified in ISO 27001, providing detailed recommendations and a Risk & Compliance Scorecard that clearly highlights compliance status against the ISO framework for easy reference.

ISO 27001 Certification

Our team will help confirm scope and control mappings, validate system and process owners, conduct interviews or walkthroughs as necessary, test and document control design and operating effectiveness to meet the required controls, and deliver a final ISO 27001 report for certification. We also leverage our evidence portal to deliver formal information requests and receive artifacts.