ISO 27001 (International Organization for Standardization)

ISO/IEC 27001 is the best-known standard in the ISO family providing requirements for an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. Organizations that meet the ISO requirements may be certified by an accredited certification body following successful completion of an audit. TBC can assist your organization with achieving ISO 27001 certification. We offer the following assessment activities:

ISO Gap Analysis:

TBC reviews your organization’s current administrative, technical and physical posture and provides an ISO 27001 Gap Analysis Report. To do this, TBC maps your organization’s ISMS program to the following ISO/IEC 27001 information security controls:

A.6: Organization of information security:
• A.6.2.1; A.6.2.2
A.8: Asset management:
• A.8.2.1
A.9: Access control:
• A.9.1.2; A.9.2.1; A.9.2.2; A.9.2.3; A.9.2.4; A.9.2.5;
• A.9.2.6; A.9.3.1; A.9.4.2; A.9.4.3; A.9.4.5
A.12: Operations security:
• A.12.1.2; A.12.4.1; A.12.4.2; A.12.4.3; A.12.5.1
A.13: Communications security:
• A.13.1.1; A.13.2.1
A.14: System acquisition, development and maintenance:
• A.14.2.2; A.14.2.4
A.16: Information security incident management:
• A.16.1.2; A.16.1.4; A.16.1.5; A.16.1.7
A.18: Compliance:
• A.18.1.3; A.18.1.4

TBC Compliance as a Service – ISO 27001 Compliance as a Service (CAAS): At Tampa Bay Compliance, we understand there are many ways an organization can fall short of ISMS / ISO 27001 compliance. In fact, it can often be as simple as not knowing the requirements. The experts at TBC, working with a third-party audit certification firm, are poised to help with our multi-step ISO 27001 CAAS process.

STEP 1: ISO 27001 GAP ASSESSMENT / ANALYSIS

To begin the ISO 27001 Compliance process, TBC performs an initial assessment through an interview and verification process. This creates a snapshot of your organization’s ISO 27001 compliance to uncover the areas that are noncompliant. Our detailed gap assessment report outlines the issues and provides recommendations for achieving organizational compliance. The gap assessment allows recipients to quickly see missing or incomplete items, undocumented policies and/or procedures, as well as inadequate privacy and security measures.

STEP 2: ISO 27001 REMEDIATION

No organization is perfect. There will be issues, and plans of action must be put into place to close the compliance gaps identified in the assessment. TBC provides a detailed remediation plan at the end of the gap assessment. This allows your organization to determine where resources and budgetary planning are needed to achieve ISO 27001 compliance. Our remediation service includes 12 hours of onsite or offsite consulting and access to policy templates and procedures.

STEP 3: ISO 27001 CERTIFICATION

At the end of the remediation period, TBC engages with an ISO 27001 audit firm to perform an independent assessment of your organization and to obtain ISO 27001 Certification.

STEP 5: QUARTERLY COMPLIANCE REVIEW

Each quarter, TBC provides an in-depth review of the changes that have been implemented throughout your organization. This can include changes in compliance posture, services and/or the IT infrastructure. We also provide a summary of the review, and when applicable, a list of the gaps and recommendations for remediation.

Tampa Bay Compliance’s CAAS is available in plans ranging from 12- to 24-month terms. An upfront fee is required and is determined by the size and complexity of your organization, as well as the desired remediation period, with the remainder of the fee billed in equal monthly increments.

IS YOUR ORGANIZATION INTERESTED IN AN ISO ASSESSMENT?

Contact us now for a free 30-minute ISO Compliance Review.
