How Can Aatreya help ?

Aatreya recommends that the ISO 27001 roadmap starts with an initial gap analysis. Following on from this, there is frequently a requirement to define policy and procedure. This is a tailored requirement, customized to every organization that pursues the adoption of the ISO 27001 ISMS.

Organizations may require additional security technology and systems assurance to mitigate against threat and risk. Although ISO 27001 does not mandate any form of security technology, the organization may benefit from security solutions so as to reduce their exposure to risk. The final part of the ISO 27001 journey culminates in a full audit, arranged by Aatreya, but delivered by an independent certification body.

ISO 27001 Pre-Audit Services

Many organizations have a series of information security policies and procedures. It is common for organization’s to have acceptable usage policies, asset registers and incident response plans, however they are often fragmented and do not address information security at all levels. ISO 27001 aims to formalize information security by bringing it under the control of an explicit management framework. This touches more than just information technology. It considers all information security risks, including physical and logical threats, vulnerabilities and impacts.

Aatreya is an ISO 27001 registered organization and it has a team of security consultants that are certified as ISO 27001 lead auditors. As well as being fully versed in all aspects or policy and procedural audit, Aatreya is also able to offer technical advice and guidance on mechanisms to reduce risks and minimize threats, vulnerabilities and impacts.

Aatreya provides gap analysis services that measure an organization’s security posture, and attitude towards risk and management backing against the ISO 27001 requirements. Aatreya consultants can provide a clear road map for bridging this gap, whilst also providing document writing services and technical solutions to assist in the compliance journey.

Formal ISO 27001 Gap Analysis Services

The recommended approach for organizations embarking on the ISO 27001 journey is to have a formal gap analysis. During this exercise Aatreya measures an organizations current policies, processes, working practices, technologies and governing frameworks against the relevant requirements defined in the ISO 27001 Statement of Applicability.

What is a Gap Analysis?

A gap analysis typically involves a Nettitude ISO lead auditor travelling to an organization’s offices and conducting a review of the business processes that are in-scope for assessment. The exercise will frequently result in the auditor working closely with IT managers, compliance managers and security officers so as to understand the finer details of how the organization manages risk.

Once this initial review has been conducted, Aatreya will measure the environment against the relevant ISO 27001 ISMS controls. This exercise is effectively a backwards facing assessment of the environment against what the ISO 27001 framework. Using this data, Aatreya will identify the gaps and provide feedback on areas that are both compliant and non-compliant.