Help clients to succeed in information security & compliance

  ISO 27K Compliance & Assessment 

DISC performs a security review to identify and analyze risks and weaknesses in your organization's security posture; due diligence is demonstrated through ISO compliance. The assessment is performed against the international standard ISO/IEC 27002 (Code of Practice) and your company's security policy, and its purpose is to evaluate the information security posture of your organization. The resulting level of compliance indicates how close your organization is to meeting the key objectives of each of the 133 controls defined within the 11 security control clauses (collectively containing 39 main security categories), plus one introductory clause on risk assessment and treatment.


Benefits of the ISO 27k framework:

The framework addresses security for the whole organization
Helps address compliance with regulations such as SOX, HIPAA, and PCI
Reduces the total cost of security by decreasing the total number of controls you must maintain
Shows the market that your business is serious about security
Enhances partner and vendor confidence
A likely deciding factor for future international partnerships
Internationally recognized standard

Download the following standards for just $40 each!
• ISO/IEC 27001 (ISO 27001) ISMS Requirements (Download now)
• ISO/IEC 27002 (ISO 27002) Code of Practice for ISM (Download now)
• ISO/IEC 27005 (ISO 27005:2008) ISRM Standard (Download now)

It is important not only to assess each control for completeness (all relevant areas are addressed) and comprehensiveness (each individual area is covered fully); this balanced framework also serves as the basis for measuring an organization's effectiveness in addressing risk and for structuring its overall security program. Because the ISO 27002 requirements largely form a superset of other major regulations, achieving ISO 27002 compliance positions most organizations well on their way to meeting the requirements of PCI, SOX, HIPAA and GLBA.

To achieve ISO compliance, a thorough assessment against all 133 controls provides mitigation guidelines for each gap found. Depending on your needs, the size of your organization, and the availability of key resources and information, the final report can be produced within a couple of weeks. Depending on your requirements, DISC can also provide implementation guidance and metrics for the 39 control categories. To give your business an edge, contact us if you would like to compare your security practices with the international standard.

The result of the assessment will not only establish and maintain a security policy, but also validate the policy's completeness, design new controls, and provide a road map to mitigate risks. The risk assessment determines which issues need to be addressed, provides a guideline for meeting security regulations, and lays out a road map to build a world-class ISMS (Information Security Management System).

DISC offers the following services to achieve ISO compliance and certification:

  • ISO 27002 assessment of the as-is security posture
  • Build an ISMS (ISO 27001) for the to-be security posture

Note: ISO/IEC 27002, the code of practice for information security management, was previously known as BS 7799-1 and then ISO/IEC 17799 [Press release on change of name].

    DISC offers a comprehensive ISO assessment to analyze the security posture of an organization. In the final report each control is rated and color coded using the base level definitions from CMMI (Capability Maturity Model Integration); the mapping is shown in the table below. This is a proprietary evaluation program. Contact us for a quote.

    Tools and Books available for ISO 27k Compliance

      • ISO Standards
      • Information Security Risk Management for ISO 27001
      • vsRisk - Information Security Risk Assessment Tool
      • ISO 27k: Books & Tools

    CMMI to ISO 27002 rating scale (the Rating Color column, shown as a color swatch in the report, is not reproduced here)

    Level | CMMI level   | ISO 27002 level
    ------|--------------|-----------------------------------------------------------------------------------------
    0     | Non existent | Complete lack of a recognizable control
    1     | Initial      | There is evidence that a security issue exists and needs to be addressed, but no control exists to tackle it
    2     | Repeatable   | The security control is still in development, with limited documentation
    3     | Defined      | The security control has been documented and communicated through training, but it is left to the individual to follow it
    4     | Managed      | Security control compliance can be monitored and measured, but management of the control is not fully automated
    5     | Optimized    | The security control has been refined to the level of the ISO code of practice, based on the results of continuous improvement

    Download ISO27K Standard

    Infosecurity & Compliance Documentation: SOX, HIPAA, GLBA, PCI, FISMA

    Contact us for an ISO assessment | Other Info

    Check out our latest blog posts on ISO 27k:
    ISO 27002 framework for today's security challenges