ISO 27001 Preparedness Methodology

We tailor every compliance review to our clients’ requirements; however we have a four phase fundamental process that normally meets our clients’ needs and creates an efficient unobtrusive review so you can focus on your business and we can focus on your compliance.

Scope (phase 1):  Since the International Organization for Standardization (ISO) 27001 outlines specific requirements, defining the scope of an ISO 27001 engagement involves understand how your organization’s information security requirements and security objectives aligns with the ISO 27001 standards.  Do not be concerned if you have not defined your information security requirements or objectives; we work closely with your management to help define this process and ensure we have an accurate scope for the engagement.

Plan (Phase 2):  We offer two options for the planning phase of your review.

1.     We provide our in-house developed questionnaires and request list that are based on ISO 27001 requirements.  Customers benefit from this approach by getting to work at their own pace with just a deadline in mind.

2.     The other option is an onsite visit to perform walkthroughs of the relevant service offerings.  We then customize our review plan and deliver a detailed document request list to prepare our clients for phase three (fieldwork).

Fieldwork (Phase 3): Consists of onsite interviews, walkthrough of relevant business processes and testing as it relates to ISO 27001.  Our auditors have a minimum of five years of experience with the big 4, large consulting firms and smaller boutique firms specializing in information technology advisory services.  Due to this we are efficient and understand what is required for each review.  Don’t worry, you don’t have to train our auditors, we are qualified at what we sell.

Report (Phase 4): Your ISO 27001 report and recommendations is essentially what you pay us for, therefore we make sure that we have quality written, well define deliverables that are focused on providing your organization with everything needed to understand how you compare to ISO 27001 standards.  We also provide management recommendations and a road map to correct any deficiencies identified.  We take pride in delivering quality and timely reports and stand behind everything we issue.


Assurance Concepts is now Skoda Minotti Risk Advisory Services. Click here to view this page on our new website: ISO 27001 Preparedness Methodology.

More Information