Contact Us Today!

Special Facebook Promotion

Like us on Facebook and get 10% off your next order.

ISO 27001 Compliance and Certification

DISC has implemented ISO 27001 for several organizations to achieve certification which includes but not limited to fortune 500 organizations.

DISC performs a security review (ISO 27k gap assessment) to identify and analyze risks and weaknesses in the security posture of your organization and due diligence is achieved by virtue of ISO compliance. A gap assessment is performed utilizing international standard ISO 27002 2013 (Code of Practice), ISO 27001 2013 (ISMS Specification) and company security policy, the purpose of the gap assessment is to evaluate the information security posture of your organization. The level of compliance will indicate how close your organization is to meet the key objectives for every 114 controls defined within 14 security control clauses collectively containing a total of 35 main security categories and four introductory clauses including introduction, scope, normative references and terms & definitions.


There are 114 controls in Annex A, covering the breadth of information security management, including such areas as

  • Physical access control
  • Firewall policies
  • Security staff awareness program
  • Vendor security management
  • Threat monitoring 
  • Incident management 
  • Encryption
  • HR security


ISO 27001 helps you identify and manage risks

An ISMS is based on the outcomes of a risk assessment, which means the business needs to produce a set of controls based on the identified risks in order to minimise those risks. The risk assessment is conducted across the organization. It includes all the possible risks that the information can be exposed to, balanced against the likelihood of these risks materialising and the potential impact of such risks. Once the risk assessment has been conducted, the company needs to decide how it will manage and mitigate those risks. The business then needs to make a decision about how to decrease the risks based on allocated resources and budget.


Simplified ISO 27001 Certification  

Continued Management all for a Fixed Monthly Fee



Reach compliance at your own pace - Dedicated ISO 27001 expertise to ensure you have the answers, guided documentation and extended team members you need when you need them.

Stay on target - DISC hosts weekly status/coordination/working meetings between your project team and our ISO 27001 experts dedicated to your project.

Save time and money - Leveraging our expertise, proven processes and artifacts simplifies the process of achieving certification.

Ensure you meet ISO 27001 requirements - DISC ensures your success by validating all artifacts to guarantee they fully conform to the standard.

Ensure 27001 is Operationalized (not just implemented) - DISC helps build the ISMS committee and chair committee meetings.

Ensure you are ready for your certification audit - DISC conducts your ISMS Internal Audit (including Corrective Action Plans & Management Review).

Support You Through the Audit -DISC provides on-site support to ensure your certification audit goes off without a hitch.  We have a 100% success rate bringing clients to ISO 27001 certification.

Support You Post Certification - DISC provides the ongoing operational support to ensure that you successfully maintain your certification year after year.

                  Call or email to schedule an appointment         

707-998-5164 Continued


       Benefits of ISO 27001 framework:

           * Safeguard your valuable data and intellectual property

           * The framework addresses the security issues for the whole organization 

           * Avoid penalties and losses due to data breaches

           * Address compliance with various standards and regulations like (HIPAA, PCI, GDPR) 
           * Reduce the total cost of security by decreasing the total number of controls
           * Perception of your business that you are serious about the security
           * Enhance partners and vendors confidence
           * The future deciding factor for international partners
           * Obtain an advantage over your competitors



Download ISO27000 family of information security standards today!

• ISO27001 2013 ISMS Requirement (Download now)

ISO27002 2013 Code of Practice for ISM (Download now)

ISO 27001 Do It Yourself Package (Download)


ISO 27001 Training Courses -  Browse the ISO 27001 training courses

It is important to not only assess the control for completeness (all relevant areas are addressed) and comprehensiveness (each individual area is covered completely), but also this balanced framework serves as the basis for both measuring an organization's effectiveness in addressing risk and structuring an organization's overall security program. Because ISO 27002 requirements are largely a superset of other major regulations, achieving ISO 27002 compliance positions most organizations to be well on their way to meeting the requirements of PCI, SOX, HIPAA and GLBA.

To achieve ISO compliance, thorough assessment utilizing all 114 controls will provide mitigating solution guidelines for gaps. Depending on your needs, size of your organization, availability of key resources and information the final report can be produced within couple of weeks. Also depending on your requirement DISC may provide implementation guidance and metrics for 35 control categories. To give your business an edge, contact us if you would like to compare your security practices with international standard. 

The result of the assessment will not only establish and maintain security policy, but also validate policy's completeness, design new controls and provide a road map to mitigate risks and to achieve certification. An assessment of risks will determine what issues need to be addressed and provide a guideline to meet security regulations and a road map to build a world class ISMS (Information Security Management System). Controls are not only technological solutions but also cover people and organizational processes.

IBITGQ Lead Implementer

DISC offers following services to achieve ISO 27001 certification:

ISO 27002 assessment for as-is security posture

Build ISMS (ISO 27001) for to-be security posture
  • ISO 27001 Gap Assessment based on Specification & Annex A
  • ISO 27001 Implementation including ISMS policies & procedures
  • ISO 27001 Risk Assessment Methodology based on ISO 27005
  • ISO 27001 Risk Assessment of critical assets within the scope
  • ISO 27001 Internal Audit
  • ISO 27001 Awareness & Training

ISO/IEC 27002 the code of practice for information security management previously known as BS 7799-1 and then ISO/IEC 17799 [Press release on change of name]

ISO 27002 2013 (Code of Practice), ISO 27001 2013 (ISMS Specification) - Published Date September 2013

DISC offers a comprehensive ISO assessment to analyze the security posture of an organization. In the final report each control is defined and color coded using the base definition found in CMMI (Capability Maturity Model Integration). This is a proprietary evaluation program. Contact us for a quote.

DISC is an approved associate consultancy of NQA Registrar

Download ISO 27001 Standards,Tools and Books to achieve Certification

CMMI to ISO 27002 


Rating  CMMI level  ISO 27002 level  
0 Non existent Complete lack of recognizable control
1 Initial There is an evidence that security issue exist and needs to be addressed, however no control exist to tackle the issue
2 Repeatable Security control is still in development with limited documentation
3 Defined Security control has been documented and communicated through training, but it is left to individual to follow control
4 Managed It is possible to monitor and measure security control compliance but management of the control is not fully automated
5 Optimized Security control has been refined to a level of ISO code of practice, based on result of continuous improvement

ISO 27001 Training Courses

Standalone ISO 27001 ISMS Documentation Toolkit

Checkout our latest blog post on ISO 27k



Latest ISO 27001 titles at DISC InfoSec Store | eBay | IT Governance


ISO 27k standards available here

                Download ISO27k Standards

Print Print | Sitemap
InfoSec | @ 2021 DISC