ISO 27001/27002 Readiness & Remediation – The Rubicon Advisory Group

ISO 27001 / 27002 Readiness & Remediation

The ISO 27001 standard is the globally accepted standard and benchmark for information security. It outlines over 200 potential controls activities relevant for an ISO 27001 certification audit. ISO 27002 has established guidelines and principles for initiating, implementing, maintaining and improving an organization’s ISMS (Information Security Management System).

The twelve sections for ISO 27002 are:

Risk Assessment
Security Policy
Organization of Information Security
Asset Management
Human Resources Security
Physical Security
Communications and Operations Management
Access Control
Information Systems Acquisition, Development, Maintenance
Information Security Incident management
Business Continuity
Compliance

Within each section, there are control objectives and control activities that are recommended for implementation. Certain control objectives and activities may not be applicable to your organization and should be documented in the formal risk assessment when undergoing ISO 27002 readiness.

The Rubicon Advisory Group can help your organization prepare for an ISO 27001 audit by conducting a formal risk assessment of your current IT environment, design and implement ISO 27002 controls for your ISMS, perform a gap analysis and perform internal remediation prior to or after ISO 27001 certification has been completed by an accredited registrar.