ISO 27001 is the global best practice standard for information security. Gaining compliance with or Certification to ISO 27001 proves that your organization takes the confidentiality, integrity and availability of its information seriously.
The ability to respond quickly to information security breaches or incidents is one of the key goals of ISO 27001. Ensuring the capability to minimi
ze the opportunity for incidents to occur will also give your organization a major advantage in service resilience and will help build confidence in your ability to handle information in a secure manner.
Magellanix offers a modular programme of consultancy. Magellanix’s methodology will enable the development of a robust Information Security Management System (ISMS).
ISO 27001:2013 is the de-facto international standard on establishing, operating and maintaining an Information Security Framework (ISMS – Information Security Management System).
The standard is structured into two sections
Mandatory sections of the standard and details specific processes and policies which must be adhered to in order to gain formal certification
Annex A of ISO 27001:2013 which covers 14 security guiding principles.
An organization can claim self-compliance to the standard. This means it operates an ISMS (Information Security Management System), but it is not intending to gain formal Certification. An organization may still be subject to an audit by customers or clients who have imposed a requirement to be compliant, through a contractual clause or during the tender process.
Operating an ISMS and claiming self-compliance provides a common basis for developing organizational security standards, an effective security management practice and confidence in inter-organizational dealings.
Formal Certification is awarded by independent third party Certification bodies. By being certified an organization is subject to continual six monthly surveillance audits and re-Certification audits every 3 years. This ensures the organization is continually monitoring and improving its ISMS in order to maintain its Certification status.
By having formal documented ISMS which has been independently assessed, an organization can demonstrate to its customers and clients that it is committed to security and has the ability to handle information in a secure manner. Equally customers and clients gain confidence in the organization thereby increasing trust in its brand and/or image.
The reputation of ISO and the Certification against the internationally recognized ISO 27001:2013 security standard enhances an organizations’ credibility and may lead to an increase in its market share.
Magellanix modular programme consists of the following phases:
Magellanix has a 100% success rate in assisting organizations through ISO 27001. Having successfully gained Certification to ISO 27001 ourselves we are particularly well placed to guide others toward this internationally recognized Standard.
Magellanix’s business consultants are all ISO 27001:20013 Information Security Management experts. They complement each other’s strengths and have a varied range of skill sets including:
ISO 27001:2013 Lead Auditors
ISACA CISA & CISM Qualified Professionals
In addition to this, our consultants are members of a number of professional body ISC2.org and CISSP certified professionals.