Project Procedure
Our Services around the ISO 27000 Series of Standards
ISO Compliance with plan42
plan42 offers a comprehensive range of consulting services for the implementation of ISO 27000 series requirements – whether you have already taken the initial steps or you are new to IT security standards and information security management systems (ISMS).
For that purpose we have created ISO 27001-compliant process procedures. They not only help you become familiar with the ISMS topic and its terminology, but also provide a valuable overview of project steps, responsibilities, and required documentation throughout all project stages.
Of course, we are also happy to adapt our process design to the specific requirements of your organisation. Based on this process model, we accompany you through the following steps and, if required, guide you on your way to certification:
1 Defining Your Scope
We help you define the scope in which you wish to implement the ISMS. Which processes, applications, etc. does your scope include?
2 Determining Your Objectives
Together with you, we determine your requirements and security objectives. This is the basis on which we develop your security policy.
3 Specifying Your Risk Assessment Approach
In this step we help you choose the risk assessment approach that best suits the requirements of your organisation.
4 Analysing Your Protection Requirements
In order to determine your protection requirements in terms of confidentiality, availability, and integrity, we organise workshops in which we draft and discuss real-life "what if" scenarios.
5 Assessing the Risk
The identified threats are mapped to risks, which we assess using the approach selected in step 3.
6 Developing Your Security Concept
We derive appropriate security measures and combine them to create a target concept.
7 Carrying out a Gap Analysis
Which measures of the target concept have already been implemented? Which are now to be put into practice?
8 Deriving Measures
Together, we derive the outstanding measures and prioritise them for implementation.
9 Securing and Optimising Your Results
The last step serves to monitor the implementation progress, secure results and optimise them on a continuous basis.
Supplementary Services around ISO 27001
Since ISO 27001 is a certifiable standard, you can have your successful ISMS implementation officially confirmed: for that purpose, plan42 offers ISO 27001 certification audits on the basis of IT-Grundschutz. In addition, our security audits and gap analyses provide security assessments with varying scopes and for different stages of implementation.
And what can we do for you?
Would you like to learn more about our ISO 27000 services? Please feel free to contact us. For more information, please also refer to our service description "ISO 27001 & IT-Grundschutz".