ISO 27001 Information Security Services

It is important to note that how these services align to the technical controls is dependent on the scope of the client’s ISO 27001 certification and/or the processes/procedures defined in the client’s Information Security Management System (ISMS).

• A.7.2.2 Information Security Awareness, Education and Training All employees of the organization and, where relevant, contractors shall receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function.
• A.12.6.1 Management of Technical Vulnerabilities Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.
• A.17.1.3 Verify, Review and Evaluate Information Security Continuity The organization shall verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations.
• A.18.2.3 Technical Compliance Review Information systems shall be regularly reviewed for compliance with the organization’s information security policies and standards.

Services available to clients, enabling them to evidence that the above technical controls are being met include:

• Information Security Awareness Training (Online, Virtual and Physical options available)
• External and Internal Network Penetration Testing (Firewalls, Servers, Networking Devices, User Devices, etc.)
• Application Penetration Testing (Websites, Internet-facing Services, Remote Access Portals, etc.)
• Intelligence-led Penetration Testing (Red Team Exercises)

Testing services seek to identify vulnerabilities that could result in compromised security of information assets or data, with ongoing remedial support and advice provided.