Active Audit Agency

т: +38(044) 228-15-88

e-mail: info@auditagency.com.ua

INFORMATION SYSTEM AUDIT FOR ISO 27001 COMPLIANCE

What is it?

ISO 27001 (earlier ISO/IEC 17799:2005) standard – is an international information security  standard , published by ISO and IEC. It is named as В«Information technology — Security techniques --  Information security management systems -- Requirements.
ISO 27001 standard contains common principles and best practice of implementation, provision and optimization of information security management on information systems lyfecycle.

iso 27002

Why do you need this?

Audit for ISO 27001 compliance gives to your company an objective assessment of information security stateand recommendations for its optimization.
ISO 27001 audit and implementation will allow to resolve the group of problems related to current business and furhter business development: 

  • Hidden investments in IT and absence of performance criteria for IT units;
  • Inadequate data protection (usually all resources are spent for protection of not really valuable information, and vice versa really valuable assets aren't protected adequately);
  • Financial and reputational losses due to weak information security management system;
  • Permanent penalties from regulators;
  • Information systems acquisition, development and support;
  • Absence of an objective information about information system state and capacity to make business decisions.

Also ISO 27001 implementation will answer to the following and many others questions:

  • What are the significant IT risks for our business and how do they impact on internal business processes? How to minimize those risks?
  • Which information assets do we have and which ones to protect first?
  • What do we have to do in case of a disaster?

How is audit to comply ISO 27001 conducted?

An audit to comply requirements of the international standard ISO 27001 (ISO 17799:2005) is conducted on the several steps:

iso 27001 project

As a result of an audit for ISO 27001 (ISO 17799:2005) compliance you will get:

  • Evaluation of the current system protection level;
  • Recommendations to implement absent and improve existing "weak"controls;
  • Rocommendations to establish and maintain own information security service;
  • Recommendations about own information security policy development.

Audit results can be used for business planning and decision making process.