The video features an interview with Joseph Kirkpatrick, the president of KirkpatrickPrice, discussing ISO 27001 certification.
What is ISO 27001? ISO 27001 is described as the “grandparent” of all information security frameworks. It is the international standard for an information security management system (ISMS), against which an organization can be certified, and it was first published in 2005.
Updates to the Standard: The standard has been revised twice since, in 2013 and 2022, to stay current; organizations certified to the 2013 edition must transition to the 2022 edition.
Benefits of Certification: ISO 27001 certification is particularly valuable for companies with international clients as it demonstrates a commitment to recognized security standards.
The Role of a Partner: A partner like KirkpatrickPrice can help identify gaps before the official certification audit, acting as an independent reviewer so that clients go into the audit prepared rather than discovering problems during it.
Certification Process: The certification process has two stages:
Stage 1: A review of documentation and interviews to assess readiness.
Stage 2: The audit itself, where evidence of implemented controls is examined.
Common Audit Findings: The areas where auditors most often look for evidence (and most often raise findings) are:
Internal and External Issues: Organizations must document the internal and external issues that affect their information security (clause 4.1, context of the organization).
Needs of Interested Parties: Companies need to show they have identified their stakeholders and understand their requirements (clause 4.2).
Risk Assessment: A robust, repeatable and current risk assessment process, with a corresponding risk treatment plan, is essential (clause 6.1).
Information Security Objectives: Clear, measurable objectives and documented plans for achieving them are necessary (clause 6.2).
Management Review: Evidence of regular management reviews of the ISMS, such as meeting minutes and recorded decisions, is critical to show consistent oversight and involvement (clause 9.3).
Importance of People: ISO 27001 certification requires a collaborative effort from various departments, not just IT.