ISO 27001

5 Steps to ISO Certification

5 Steps to ISO Certification

What are the steps to ISO certification? Our assessors have completed assessments against several International Organization for Standardization (ISO) standards, and can provide your organization on insights on the process for achieving ISO certification.

Read More

The Advantages of Accredited ISO 27001 Certifications

To protect the sensitive data within an information security management system (ISMS), organizations should consider the comprehensive information security standard, published by the International Organization for Standardization, ISO 27001. This audit is a standardized-industry approach used to define and validate the processes and controls of an ISMS. Before conducting the ISO 27001 audit, an organization […]

Read More

SOC 2 vs. ISO 27001: Which is the Right Assessment for Your Organization?

Companies continue to struggle with the decision between selecting the SOC 2 examination or ISO 27001 certification.  Often customer contracts require either audit or competitors have one or the other.  Although these security standards serve a similar purpose, there are some key decision factors that may help your organization determine the appropriate assessment based on […]

Read More

Family Affair: Using ISO 27001 to conform to ISO 27017 and ISO 27018

ISO 27000 Family – Information Security Management Systems The ISO 27000 family of standards is related to an organization’s information security management systems, or ISMS. This international standard helps organizations by providing a clear set of requirements that can be used to manage the security of the business’ assets. An ISMS is a systematic approach […]

Read More

ISO 27001: The Four Most Common Post-Certification Pitfalls

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. Becoming ISO 27001 certified is a rigorous process for most organizations but the work should not stop after receiving the sought after certification. We want to ensure that your organization does not fall victim to these common pitfalls so that […]

Read More

Strengthening the Cloud: ISO 27017 and ISO 27018

As the global usage of cloud technology continues to grow, businesses must strategically consider the risk of storing protected information and explore security options in order to protect their information systems. There are multiple security standards for cloud services providers and users to utilize in order to secure the cloud-based environment and minimize potential risk […]

Read More

It’s Time For An Upgrade: Switching from ISO 27001:2005 to 2013

As a reminder a new version of ISO 27001 has been issued and the deadline for updating your company’s ISO 27001 program from 2005 to 2013 is quickly approaching.  There are some significant changes to ISO 27001 in the newest 2013 edition.  Utilizing the guidelines in ISO 27001:2013 will improve the standardization and operations of […]

Read More

Relevant Audit Selection for Cloud Providers

Just as in physical storage, cloud service providers are used to store sensitive data.  This can be anything from credit card information to personal information such as social security numbers.  There are three key cloud services:  Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).  The storage of […]

Read More

It’s Time For An Upgrade: Transitioning Your Current ISMS From ISO 27001:2005 To ISO 27001:2013

A new version of ISO 27001 has been issued and if it’s your job to upgrade your company’s ISO 27001 program from 2005 to 2013, we’re here to help.   The standard was revised for a number of reasons including addressing new technology, to comply with the ISO/IEC directive and make compliance simpler for organization that […]

Read More

Accredited vs Unaccredited ISO 27001 Certification – Does it Matter?

By: Gene Geiger, Partner of A-LIGN Security and Compliance Services ISO 27001, published by the International Organization for Standardization, is a comprehensive information security standard that defines processes and controls that should be in place for the information security management system (“ISMS”) to protect the sensitive data and technology in your environment. Once these processes and […]

Read More