The ISO 27001 standard defines the framework to initiate, implement, maintain, and manage information security within an organization. The standard is based on the Envision-Plan-Develop-Implement methodology and outlines the requirements for an organization to design and execute an Information Security Management System (ISMS). As such, the focus of a pre-assessment review is on the design of the ISMS itself and its conformity to the requirements of the ISO 27001 standard.
Scoping
The scope of the pre-assessment is determined by the organization and can be an entire enterprise, a specific business unit, or a domain of focus.
Deliverables
The primary deliverables of our ISO 27001 pre-assessment reviews include:
- Detailed project plan for the assessment
- Comprehensive information request list allowing the organization’s personnel to gather documentation in advance of fieldwork
- Formal report identifying high-level gaps related to the conformity to ISO 27001
Who Should Consider an ISO 27001 Pre-Assessment?
The following are characteristics of the ideal candidate for ISO 27001 readiness review and pre-assessment services:
- Any organization, business unit/division, or service that is considering certification against the ISO 27001 standard
- Any organization that is required by its customers to be aligned with the ISO 27001 or 27002 framework