Support for the ISO 27001 standard
AlgoSecure accompanies you through the implementation of an Information Security Management ISO 27001 on a defined perimeter, and the obtention of its certification Our consultants certified ISO 27001 (Lead Implementer and Lead Auditor) are available to accompany our clients through their certification projects.
What is ISO 27001?
ISO 27001, or more precisely ISO/IEC 27001, is part of the ISO 27000 family of standards, of which it is the best known. Concretely, this international standard from ISO and IEC sets up strict requirements for Information Security Management Systems (ISMS).
The main feature of ISO/IEC 27001 is that it deals with security by a risk-based approach. In other words, by being certified ISO 27001, an organization demonstrates that it has identified the security risks that could affect it and its sensitive data, and that it has taken the necessary organizational measures to manage these risks.
What are the main lines of implementation?
The ISO 27001 certification starts with the definition of the ISMS according to the needs of the organization, through the realization of a study of the risks which weighs on the sensitive data included in this perimeter of intervention. The study is carried out at both the micro and macro levels. It also concerns the environment in which the organization in question evolves. After identifying the risks, the ratio between the probability of the event occurring and its impact is determined. This allows for the selection of adequate protective measures, listed in the ISO 27002 standard.
By implementing the ISO 27001 standards (and the other standards of the ISO 27000 family by extension), a company can effectively protect itself from the risks weighing on its sensitive assets such as information relating to its personnel, its financial data or its intellectual property documents.
How do we help you achieve ISO 27001 certification?
The project team relies on the following elements :
- the project leader from AlgoSecure (senior consultant)
- AlgoSecure consultants (certified ISO 27001)
- the manager of the client's project
- the actors of the concerned perimeter on the client's side
The goal of this phase is to assess the maturity level and feasibility of the project.
- Interview with the main actors of the company: General Direction, CFO, CIO...
- Defining the IMS perimeter
- Situational analysis
- Establishing and presentation of a project plan (length, expenses, deadlines, budget)
Phase 2 is the execution of the project plan made in phase 1.
Analysis of present situation
The goal of this phase is to analyze precisely the present situation and apprehend the risks on the defined perimeter.- Detailled study of context: needs, constraints, goals
- Study of the current security measures and vulnerabilites
- Risk analysis
Phase 2.2: Establishment of the IMS
The goal of this phase is to build the IMS.- Defining the organisation and the resources
- Choices regarding risk treatment
- Choice of risk reduction measures and declaration of applicability
- Definition of an action plan related to the implementation of measures
- Defining the IMS management procedures of IMS
- Choosing and defining the indicators
- Implementation of the IMS management
- Establishing the security policy of information systems
Phase 2.3: Monitoring and improvement of the IMS
The goal of this phase is to carry on the action plan and implement the monitoring and piloting tools.- Training and staff security awareness
- Monitoring of the tasks progress
- Internal audits
- Management review
- Support to choose a certification organization
Phase 2.4: Certification mock audit
The goal of this phase is to build the IMS.- The goal of this phase is to optimize the odds to get successfully certified.
- Mock audit
- Treatment proposal for the identified divergences
- Informing the steering committee about the assessment
Phase 2.5: ISO-27001 certification
- Arrangements with the certification organization
- Support through the audit
- Answers to the possible non-compliance points
The goal is to retain the certification
- Risk analysis update
- Policy and procedures review
- Deployment of the yearly action plan
- Training
- Internal audit
What advantages do you derive from ISO 27001?
- Guarantee of a controlled security
- Control over the company security and optimization of the security budgets
- Conformity to the legal requirements
- Increase in your market shares
- Improved attractiveness of your company
We are ISO 27001:2013 certified!
In addition to our PASSI qualification, we have chosen to obtain ISO 27001 certification for the perimeter of our infrastructure from which we conduct our PASSI audits. On the one hand, this certification allows us to raise our security level even higher, not only from a technical point of view, but also and especially from an organizational and process management point of view. On the other hand, it demonstrates that we apply to ourselves the advice we give to our customers. Obtaining this certification is the result of several months of work, but it is worth the effort to enable us to better protect the sensitive data we may be handling.
Specialists in information security and pentest in Lyon, Paris, Saint-Etienne and throughout France
You've enabled "Do Not Track" in your browser, we respect that choice and don't track your visit on our website.