ISO 27001 Certification Consulting
QRC provides ISO 27001 certification assistance consulting, training (about ISO 27001 certification), and consulting services.
Industry studies have found the standard time for implementing ISO 27001 certification without outside assistance ranges from 18 months to two years. With our services the time required to implement the ISO 27001 standard is typically 7 months saving you time and valuable staff resources.
The ISO 27001 Certification Project is jointly managed by an ISO Coordinator from your company and QRC’s ISO 27001 specialist. We use our expertise and work collaboratively to get the work done quickly, and ensure that your personnel are trained to operate and maintain the ISO 27001 Quality System to ensure a smooth transition.
Request a Quote
If you’re considering ISO 27001 Certification
Contact us toll free for a complimentary consultation at (800) 244-5409
To speak to one of our experts immediately call us at (408) 371-9995
You can also Email Us
Our ISO 27001 Consultants can shorten the time required for implementation to an average of 5-7 months.
About the ISO/IEC 27001 Standard
ISO/IEC 27001 or ISO 27001 certification formally specifies a management system that is intended to bring information technology (IT) security or Information Security Management Systems (ISMS) under explicit management control and that meets or exceeds specific requirements. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
ISO 27001 Certification requires:
An organization must assess information security risks, taking account of the threats, vulnerabilities, and impacts in a systematic manner;
An organization must have in-place a coherent and comprehensive suite of information security controls that provide remediation of unacceptable risks and/or risk avoidance or transfer where possible;
An organization must have in place a management process to ensure that the information security controls that assure the organization’s information security needs are met an ongoing basis.
Checklist of Mandatory Documentation Required by ISO 27001 Certification
| Documents | Clause or Annex |
| Scope of the ISMS | 4.3 |
| Information security policy and objectives | 5.2, 6.2 |
| Risk assessment and risk treatment methodology | 6.1.2 |
| Statement of Applicability | 6.1.3 d |
| Risk treatment plan | 6.1.3e, 6.2 |
| Risk assessment report | 8.2 |
| Definition of security roles and responsibilities | A.7.1.2, A.13.2.4 |
| Inventory of assets | A.8.1.1 |
| Acceptable use of assets | A.8.1.3 |
| Access control policy | A.9.1.1 |
| Operating procedures for IT management | A.12.1.1 |
| Secure system engineering principles | A.14.2.5 |
| Supplier security policy | A.15.1.1 |
| Incident management procedure | A.16.1.5 |
| Business continuity procedures | A.17.1.2 |
| Legal, regulatory, and contractual requirements | A.18.1.1 |
Quality Resource Center offers the most efficient, cost effective and value added approach to ISO 27001 Certification.
We invite you to contact us for a complimentary consultation Toll Free at (800) 244-5409 or Email Us.