HSC - Services - Guidance service for ISO 27001 implementation

Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet

You are here: Home > Services > Guidance service for ISO 27001 implementation

Go to: HSC Trainings

Services

			Skills & Expertise
			Consulting
			ISO 27001 services
			Audit & Assessment
			Penetration tests
			Vunerability assessment (TSAR)
			Forensics
			ARJEL
			Training courses
			E-learning

Conferences

			Agenda
			Past events
			Tutorials

Resources

			Thematic index
			Tips
			Lectures
			Courses
			Articles
			Tools (download)
			Vulnerability watch

Company

			Hervé Schauer
			Team
			Job opportunities
			Credentials
			History
			Partnerships
			Associations

Press and
communication

			HSC Newsletter
			Press review
			Press releases
			Publications

Contacts

			How to reach us
			Specific inquiries
			Directions to our office
			Hotels near our office


		Guidance service for ISO 27001 implementation


	See also... ISO 27001 status overview ISO 27001 certification audit training General presentation of our ISO 27001 services HSC ethical and deontological guidelines

Objective of the service

To assist you in the implementation of an ISO 27001 compliant ISMS.

In which cases to select this service

You wish to show to your interested parties (customers, regulatory institutions, strategic partners, etc.), in an objective and verifiable way, that you run security good practices.

Results of the service

At the end of the service, the customer has implemented an ISMS and masters its operation.

Detailled description

This service comprises three main stages, below detailled:

Stage 1: Strategic stage
Stage 2: Foundations setting up
Stage 3: Implementation of the ISMS procedures

Stage 1: Strategic stage

During this stage, the HSC consultants closely work with the customer in order to: * - Identify some strategic priorities in the context of the security * - Define the most relevant ISMS scope, and write it in accordance to the ISO 27001 requirements * - To design a security policy in accordance to ISO 27001, taking into consideration the previously identified strategic priorities * - To devise a security organisation taking into consideration the customer background

Stage 2: Foundations setting up

The HSC consultants assist the customer in implementing the ISMS foundations. For this, they advise the customer regarding the following tasks:

Assets inventory
Assets evaluation
Vulnerabilities identification
Threats identification
Selection of the risk treatments
Production of the Statement of Applicability (SoA)

Stage 3: Implementation of the ISMS procedures

The customer implements the ISMS procedures following the previously formulated HSC recommandations. The main intended tasks are:

Implementation of the documentation management procedure
Implementation of the operations follow-up procedure
Implementation of an internal audit structure
Implementation of the security controls
Adjustments to the compliance of the existing processes

It is fundamental that these tasks are realised by the customer for he masters the ISMS. Indeed, the certification auditors will evaluate that control of the ISMS. The HSC consultants supply a sustained assistance to the customer. That's why this stage takes the form of a bundle of "open" days, during which the consultants are to be solicited. They are to come, at the customer convenience:

To validate the steps of the work on the compliance adjustements
Or to assist the customer on a fussy step

This approach brings several key benefits:

The customer effectively masters the ISMS, which is fundamental for being certified
The operations rhythm is adapted to the customer wishes
The consultants come if needed, when the customer feels ready or is blocked by a difficulty
The consultants check that the resulting ISMS comply with ISO 27001 and that there is no drift from the standard