ISO 27001 is a risk-driven standard that focuses on data confidentiality, integrity, and availability. The standard aims to help organizations have a stronger, more holistic approach to information security. With its focus on building strong information security management systems (ISMS) within organizations, ISO 27001 has become one of the most widely-used global security frameworks.
While the road to ISO 27001 certification is well-established (and well-traveled), this multi-pronged process still requires attention to detail and a generous time commitment.
Roadmap to ISO 27001 Implementation
The steps to ISO 27001 are:
1. Selecting a Vendor
2. ISO 27001 Readiness Assessment
3. Gap Assessment
4. Stage 1 Audit
5. Stage 2 Audit
6. Surveillance Audit
7. Recertification
01 Selecting a Vendor
Once an organization decides to pursue ISO 27001 certification, it must then select a certification body to help it navigate the path to certification.
As an accredited ISO 27001 certification body, A-LIGN can provide the experience and guidance you need to achieve certification and strengthen security. And we do it with minimal disruption to your business.

02 ISO 27001 Readiness Assessment
A-SCEND’s Automated ISO 27001 Readiness Assessment is the only SaaS compliance management solution that includes live auditor assistance, making it the fastest and easiest way to achieve ISO 27001 compliance. Everything you need to ensure you are ready for your ISO 27001 certification is clearly laid out in a language that you will understand, with clear questions and requests for evidence.
With our SaaS ISO 27001 Readiness Assessment, you not only benefit from getting ready in half the time, but you also gain the support of one of the top auditing firms in the ISO 27001 assessment space.

03 Gap Assessment
The ISO gap assessment process is designed for companies that will undergo the certification process for the first time and is only performed at the request of the client. A-LIGN simulates the actual certification audit by reviewing your company’s entire management system, including scope, policies, procedures, and processes, to identify any gaps that may need remediation before your company goes through the actual certification process.
The gap assessment can give you a head start by revealing any oversights or potential weaknesses your organization may have so you can address them.

04 Stage 1 Audit
First, an auditor reviews an organization’s documentation to confirm it is following the ISO 27001 standard. Stage 1 also checks whether the required activities of the standard have either been completed or are scheduled for completion prior to starting Stage 2.
At the end, the auditor will determine if your company is ready to move forward to Stage 2, or if modifications are required to its policies, procedures, and supporting documentation before proceeding.
Once Stage 1 is complete, your organization will have a better understanding of its ability to meet the requirements and of its areas for improvement. In rare cases, A-LIGN may determine that enough documentation is missing to require a second Stage 1 audit before moving on to Stage 2.

05 Stage 2 Audit
The Stage 2 Audit is performed to test the conformance of your system with the ISO 27001 standard. During this stage, A-LIGN will perform testing procedures including interviews, an inspection of documented evidence, and an observation of your processes.
Every audit is different in duration, and the time to completion is determined by several factors. Upon completion of Stage 2, A-LIGN will determine if your organization is ready to be certified. If there are any major nonconformities, they will need to be remediated before a certificate can be issued.
At this point, an organization is issued a certificate valid for three years, contingent on the continued successful completion of surveillance audits.

06 Surveillance Audit
A-LIGN is dedicated to your continued success even following the completion of your certification audit.
During the next two years, A-LIGN will conduct annual surveillance audits, as required by the standard, to ensure ongoing conformity with ISO 27001. This will provide the assurance that your systems and processes remain compliant over time.
These surveillance audits are shorter in time and scope than the initial Stage 2 audit, and test a sampled set of controls.
Altogether, this process should take three or four months to complete.

07 Recertification
Your certificate is valid for three years after the issue date as long as the surveillance requirements are met. However, your organization will need to recertify before the expiration date, which will then restart the three-year certification process.
The recertification process differs from the initial certification, as organizations do not typically need to go through the Stage 1 Audit again. Instead, organizations begin with Stage 2, and upon completion of recertification receive further surveillance audits.

The A-LIGN team is ready to assist you with any part of your ISO 27001 certification. Complete the contact form and our team will reach out within 24 hours.