ISO 27001:2013

ISO 27001 provides a framework that safeguards information assets while making business processes easier to manage, measure and improve, which benefits the whole organization. It contains provisions to begin with a risk assessment, treat the identified risks, define a Statement of Applicability (SoA) that determines which controls matter most for each organization, and implement those controls to safeguard information assets.

Why is ISO 27001 important?

  • Reduces business risk, information security risk and data privacy risk
  • Improves organizational processes and strategies
  • Increases business resilience
  • Improves reputation of, and trust towards, your organization
  • Helps to attract new projects and customers and to retain existing clients
  • Reduces information security costs
  • Meets contractual obligations

What are the key steps in your ISO certification journey?

  • Planning and scoping
  • Understand the business; identify IT systems and data owners
  • Gap analysis
  • Risk assessment and treatment
  • Development of the Statement of Applicability
  • Design and align mandatory policies and procedures
  • Control implementation
  • Procedure workshops
  • Internal audit

How can we help you get certified?

CyberLabs will work with your project team from the first step to the last to make your ISO certification a reality. Our dedicated team assists you, drawing on our expert knowledge and the industry experience we have built over the years. In short, CyberLabs is there throughout your journey at all the stages mentioned above: understanding the ISMS, conducting risk assessment and treatment, defining the SoA, designing controls, developing or revamping information security policies and procedures, conducting user awareness sessions, management review, internal audit, corrective and preventive actions, etc.

What does ISO 27001 cover?

Mandatory requirements of ISO 27001

Clause 4: Context of the organization
Clause 5: Leadership
Clause 6: Planning
Clause 7: Support
Clause 8: Operation
Clause 9: Performance evaluation
Clause 10: Improvement

ISO 27001 control listing:

  • A.5 Information security policies
  • A.6 Organisation of information security
  • A.7 Human resource security
  • A.8 Asset management
  • A.9 Access control
  • A.10 Cryptography
  • A.11 Physical and environmental security
  • A.12 Operations security
  • A.13 Communications security
  • A.14 System acquisition, development and maintenance
  • A.15 Supplier relationships
  • A.16 Information security incident management
  • A.17 Information security aspects of business continuity management