ISO 27001 Compliance
COMPLIANCE
Selkey Cyber Security prioritizes compliance with industry standards to protect sensitive and valuable information effectively. Our approach ensures:
-
Protection of Sensitive Information:
- We implement robust measures to safeguard sensitive and valuable information from unauthorized access and disclosure, minimizing the risk of data breaches.
-
Control Over Confidentiality:
- Our solutions provide adequate control over confidentiality, preventing unauthorized individuals from accessing sensitive information and maintaining the privacy of data.
-
Maintenance of Data Integrity:
- We ensure the integrity of stored data by implementing mechanisms to detect and prevent unauthorized modifications or tampering, preserving data accuracy and reliability.
-
ISMS Implementation:
- Our Information Security Management System (ISMS) helps prevent security breaches by establishing policies, procedures, and controls to mitigate risks and protect information assets.
ISO 27001 clauses & controls
The most recent revision of the ISO 27001 standard, published in 2018, comprises 11 clauses numbered “0” through “10”, along with an “Annex A” that enumerates specific security controls. Each main clause, with the exception of the introduction, encompasses several sub-clauses. Clauses 4 through 10 are deemed “mandatory”, and compliance with the requirements delineated in these sections is imperative for an organization to assert ISO 27001 compliance
INTRODUCTION
Provides an overview of the ISO 27001 standard, its purpose, and its applicability to organizations seeking to establish, implement, maintain, and continually improve an information security management system (ISMS).
SCOPE
Defines the scope of the ISMS, outlining the boundaries and applicability of the standard within the organization and specifying any exclusions or limitations.
Normative References
Lists references to other standards and documents that are integral to the implementation and interpretation of ISO 27001, ensuring consistency and compatibility with related frameworks.
Terms and definitions
Provides definitions of key terms and concepts used throughout the standard, ensuring clarity and uniform interpretation of terminology within the ISMS context.
Context of the Organization
Requires organizations to identify internal and external factors that may affect the ISMS, including stakeholders, regulatory requirements, and the organizational context.
Leadership
Emphasizes the role of top management in establishing and maintaining the ISMS, including demonstrating leadership commitment, defining information security policies, and assigning responsibilities.
Planning
Focuses on risk assessment and treatment, requiring organizations to identify and analyze information security risks, implement appropriate controls, and develop plans to achieve information security objectives.
Support
Addresses resource management, competency, awareness, communication, and documented information requirements necessary to support the implementation and operation of the ISMS.
Operation
Details the implementation and execution of information security controls and processes, including operational planning and control, information security risk treatment, and the management of changes.
Performance Evaluation
Requires organizations to monitor, measure, analyze, and evaluate the performance of the ISMS, including internal audits, management reviews, and the assessment of information security performance.
Partner Certification Bodies
Selkey Cyber Security's Partners to Achieve Certification:
