ISO 27001: Information Security Management

At Orion, our team of experts will guide you through the process. Our knowledgeable and personable auditors will make this a rewarding experience to help strengthen your internal controls. Outputs from the certification process will highlight your strengths, weaknesses (non-conformances) and any opportunities for improvement.


Why Work with Orion on ISO 27001

Orion has a long track record in providing certifications that address information security concerns in an increasingly interconnected, cloud-based world.

We are currently the only firm endorsed by three industry associations to audit their members, and we reward this trust by using only auditors who hold an overall customer satisfaction rating of 99% or better. Our auditors each have over 15 years of auditing experience, making them seasoned and proven professionals.

Our extensive experience means that we know and understand the IT industry, including its typical processes, commonly used software, and industry terminology. As a result, our auditing services are efficient and effective, and we will work with you to establish mutual goals up front to make sure your needs are fully met. If you are looking to certify to multiple standards, we also provide integrated audits so that you can achieve certification to multiple standards in one audit (e.g. ISO 27001 / ISO 9001 / ISO 14001 / ISO 45001 / ISO 17100 / R2), ultimately saving you both time and money.

The Importance of ISO 27001

The global work environment has changed significantly over the past couple of years as COVID-19 has forced many businesses to move to a remote or blended work scheme and to operate from cloud-based platforms. This shift has resulted in a dramatic increase in the transmission of documents, data, and sensitive information over the internet, and cybersecurity is now more important than ever.

According to a Cybersecurity Ventures report dated August 24, 2020, global cybercrime costs are expected to grow by “15 percent per year over the next five years and reach $10.5 trillion annually by 2025.” These cybercrime costs include theft of intellectual property and customer information, theft of personal or corporate financial data, lost productivity, fraud, embezzlement, ransom paid to unlock systems, and the effort required to restore changed or deleted data.

A breach of information can be devastating to an organization’s reputation and pose a potential liability.

With the increased risk of cybersecurity breaches, demand for information security standards such as ISO 27001 (Information technology — Security techniques — Information security management systems — Requirements) has grown. With a focus on continual improvement, certified organizations must identify the information they are trying to protect, assess the risks to that information, and implement the controls and processes required to protect it.

Breakdown of the ISO 27001 Standard

Like other ISO management system standards such as ISO 9001, ISO 27001 has a core set of management system requirements, such as setting goals and objectives, conducting internal audits and holding management reviews, but the main difference is in the Annex A controls. In the 2013 edition of the standard, Annex A identifies 114 controls in 14 groups and 35 control objectives. The organization must consider every one of these controls and record, in its Statement of Applicability, which controls it has selected and the justification for any control it excludes as not applicable. (The 2022 revision of the standard consolidated Annex A into 93 controls in four themes; the structure below is the 2013 edition that most existing certificates were issued against.)

The 14 groups (Annex A.5 through A.18 of the 2013 edition) are:

  • A.5 Information security policies
  • A.6 Organization of information security
  • A.7 Human resource security
  • A.8 Asset management
  • A.9 Access control
  • A.10 Cryptography
  • A.11 Physical and environmental security
  • A.12 Operations security
  • A.13 Communications security
  • A.14 System acquisition, development and maintenance
  • A.15 Supplier relationships
  • A.16 Information security incident management
  • A.17 Information security aspects of business continuity management
  • A.18 Compliance

Overview of the Audit Process

Orion Assessment Service can assist your organization in achieving certification, from the initial application request through each of the required stages, which are:

1. Sign the Agreement

Orion provides a quote covering each ISO standard in scope. The terms and conditions must be signed and returned to Orion along with any required deposit.

2. Perform Gap Audit (optional)

Prior to your Stage 1 or Stage 2 audit, Orion can perform a gap audit to identify major gaps in meeting the requirements of the standard. This independent review will identify strengths, weaknesses, and opportunities for improvement. Many companies prefer to undergo a preliminary gap audit to ensure they fully understand the standard’s requirements before their actual certification audits.

3. Perform Stage 1 Audit: Readiness Review

This review is conducted to determine whether your organization is ready to move to the Stage 2 Audit (Certification Audit) by confirming that:

  • The management system addresses all the requirements of the standard.
  • The management system has been implemented and the client is ready for the Stage 2 Audit (Certification Audit).

Note that a full management review and an internal audit must have taken place before the Stage 2 Audit (Certification Audit) can be conducted.

4. Perform Stage 2 Audit: Certification Audit

This onsite audit is conducted to verify that the processes and documents examined during the Stage 1 Audit (Readiness Review) are actually in use and that the system is implemented according to the requirements of the standard.

The key deliverables from this stage include:

  • An audit report detailing positive aspects, issues for resolution (non-conformances), and areas for improvement.
  • A recommendation regarding your registration.

5. Finalize Audit Report and Receive Certificate

The results from the Stage 1 and Stage 2 audits are reviewed to ensure that all of Orion’s accreditation requirements have been met and that a proper recommendation has been made. At this point, the decision is made to certify, to seek clarification, or not to certify.

6. Perform Surveillance or Recertification Audit

Registration is based on a 3-year cycle. To maintain your certification, your organization must take part in an onsite review each year. The first two are surveillance audits and examine only a portion of your system, whereas the third-year review (recertification) is a more comprehensive audit that examines your overall system for continued effectiveness.

Schedule a Consultation
