ISO 27002
Information is critical to meeting the needs of customers and allowing business operations to be performed. Like many business assets, however, information is subject to a number of threats, any one of which may impact the business and jeopardise its continued operations.
Threats may originate from within or outside the business, and can range from deliberate actions to Acts of God and human error. It is the impact that these threats may have upon a business that we commonly refer to as ‘risk’.
The need to protect information against risk has come increasingly to the fore in light of the realisation that organisations are dependent upon not only the security of their own information, but also that of their suppliers and the other organisations with which they trade or interact. The continued growth of electronic commerce and changes to information-related legislation have further emphasised this need, and have led to an increasing demand for certification under the ISO 27002 Standard for Information Security Management.
Whilst certification may form the ultimate goal, it is the process of identifying and addressing the security requirements of the organisation that forms the most daunting task for many organisations. It is in this area, however, that HW Controls & Assurance can help.
Our ISO 27002 Auditors can evaluate your work to date and advise upon:
- The scope of your information security management systems
- The risk assessment process
- The process of deriving information security requirements from risk assessments and other sources
- Mandatory ISO 27002 documentation such as the Information Security Policy and the Statement of Applicability
- Any gaps in control that may be highlighted within the official certification process
For further information on our ISO 27002 review, please contact us.



