HAMILTON, N.J. (PRWEB) August 19, 2020
The ISO 27001 information security management system standard has been praised and embraced in the US and globally as the “gold standard” among information security attestations. With regulators, customers, boards and other stakeholders all clamoring for proof of a strong security posture, the number of organizations seeking ISO 27001 certification is growing at a year-over-year rate of over 90% in the US and 20% globally.
But setting off on the path of ISO 27001 certification might feel a little bit like following the Yellow Brick Road. You know there’s an audit at the end… But what are you really getting into? What will the audit focus on? How do you find the right registrar/certification body? How can you make sure your audit is successful—and as painless as possible?
The perfect person to answer those kinds of questions is Ryan Mackie, Principal and ISO Practice Director at compliance and attestation leader Schellman & Company. On the latest episode of The Virtual CISO Podcast from Pivot Point Security, Ryan takes a deep dive into the what, why and how of ISO 27001 certification audits. Accompanying him is host John Verry, Pivot Point CISO and Managing Partner, and, like Ryan, an ISO 27001 certified Lead Auditor.
If your business is considering ISO 27001 certification or is already on the path, this show is full of tips and guidance to help you along the way. Topics include:
- The difference between the two stages of the ISO 27001 audit process
- The logic behind the unique ISO 27001 audit process, including what it will focus on
- What to expect on the day of the audit
- What to look for in a registrar (and what to avoid)
To listen to this episode at any time, along with any of the previous episodes in The Virtual CISO Podcast series, visit this page.
About Pivot Point Security
Since 2001, Pivot Point Security has been helping organizations understand and effectively manage their information security risk. We work as a logical extension of your team to simplify the complexities of security and compliance. We’re where to turn—when InfoSec gets challenging.