Insurances.net
Insurance plans Finance Biz Insurances
insurances.net » Small Business » ISO 27001 Consultants: How to Select the Best Consultant for Your Business
Home Business Small Business Wholesale Business Business agency Global Economy
]

ISO 27001 Consultants: How to Select the Best Consultant for Your Business

ISO 27001 Consultants: How to Select the Best Consultant for Your Business

ISO 27001 consultants can be invaluable in helping your organisation to comply with ISO 27001

, the information security management standard. The international standard ISO 27001, also known as ISO/IEC 27001, covers an organisation's Information Security Management System (ISMS). It is framed in very general terms, in order to extend its coverage to every type and size of organisation. However, this lack of specificity can at the same time be an obstacle when applying the standard to a particular situation. This is where ISO 27001 consultants can remove a great deal of the burden of interpreting and applying this comparatively new standard.

Published in 2005, the ISO 27001 standard is part of the ISO/IEC 27000 family of standards related to information security. For example, ISO 27002 comprises the code of practice for information security management, and can readily be used in conjunction with ISO 27001 when setting up an ISMS. Since these are formal published standards, it is possible for an organisation to be certified as compliant with them. In order to achieve this, an organisation needs to call on the services of ISO 27001 consultants.

There are two possible roles for consultants: either they can advise the organisation on the changes to implement in order to comply with the standard, or else they can act as auditors to carry out the certification itself. The two roles are mutually exclusive, as an ISO 27001 consultant cannot subsequently certify an organisation that he or she has previously advised.

The published standard gives comparatively little detail. Hence it is important that the ISO 27001 consultants should have significant business experience, ideally in a senior information security role, as well as a very wide breadth of experience in several different companies. This will furnish them with the insight needed to apply the general clauses of the ISO 27001 standard to the specific situation of the organisation in question.

When selecting ISO 27001 consultants, there are certain questions that can usefully be asked, as follows:

What qualifications does the consultant have? Relevant certifications are: CISSP (awarded by ISC2), CISM (awarded by ISACA) and the new CGEIT (also from ISACA).

How much experience does the consultancy as a whole have with ISO 27001 or similar standards? The ISO 27001 standard is essentially the same as section 2 of the old British Standard BS 7799, published in 2002. A firm of ISOS 27001 consultants should be able to demonstrate extensive experience with these standards, and with ISO 27002 (formerly ISO 17799).

What references are available from past clients for this kind of service? If a consultancy cannot supply testimonials, then it is probably safest to avoid them.

If an organisation is engaging ISO 27001 consultants to advise on a roadmap towards certification, then it is fair to ask them what proportion of firms thus advised in the past were successful in attaining accreditation against ISO 27001. If the proportion is quite low, then it is best to select a competing tender, even at a substantial cost penalty, since making a second attempt at accreditation would be very expensive in terms of fees and staff time.

In summary, specialist ISO 27001 consultants can be indispensable when seeking to achieve compliance with the standard. However, it is important to select carefully, as not all consultants and advisors have the requisite skills and experience.

ISO 27001 Consultants: How to Select the Best Consultant for Your Business

By: Harvey McEwan
Offshore Product Development Holds The Fundamentals Of A Business To Prosper Emergency Payday Loans - Enough Cash To Solve Your Monthly Problems The Necessity Of Custom Application Development For Higher Growth In Business Reasons Why Local Seo Is Imperative For Any Business Make Money Taking Surveys: Your Cash Cow MLM Ads, Learn How To Market Your Business Online For Free! What Makes Texas Customers Happy? Submit Articles To Article Directory To Escalate Your Online Business Success How to Stop Spam at Your Business Flip That Blog! Its Your Business Importance Of Business Coaching Making Your Cash Work For You What Every Business Hotel Should Possess
Write post print

Contact

info.insurances.net

Company

About us Infoline Team Join us Cooperation

Products

Life insurance Home insurance Cheap Car insurance Business Investment insurance

Our Solutions

Presentation Testimonials Examples Our experts Resources

Press Room

Advertisement Interviews Hot news Photos Marketing

Resources

Insurances quotes Loans quotes
www.insurances.net guest:  register | login | search IP(18.221.84.179) Stockholms Lan / Kista Processed in 0.009532 second(s), 6 queries , Gzip enabled debug code: 22 , 4008, 146,
ISO 27001 Consultants: How to Select the Best Consultant for Your Business Kista