ISO 27001 Compliance & Certification

ISO 27001 specifies the requirements for the policies, procedures and processes that comprise a company’s information security management system (ISMS). This international standard was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS.

Let's get started

NAVEX One®

Addressing ISO 27001 compliance and certification

ISO 27001 uses a top-down, risk-based approach. Earning certification in this standard is not based on adhering to a set of predetermined rules. Instead, an organization is certified based on a set of controls that are specific to its risks. These controls comprise the company’s Statement of Applicability, a document that ISO auditors use to certify against.

ISO 27001 certification is not a checkbox list of requirements. It’s an ongoing process of cataloging risks, assessing the severity of risks, applying controls, planning for remediation, and providing evidence that an organization is performing the tasks it identified as important to its risk management. The certification also requires organizations continually improve their operations from a risk-based perspective.

Download the Datasheet

What You Need

Centralized Management

Store compliance mandates, policies, and controls in a central location.

Incident Management

Perform incident management, from root cause analysis to record-keeping.

Risk-Based Approach

Link IT risks to business risks for an enterprise-wide view of risk.

Defensibility

Implement API integrations with technology providers.

Reporting

Create interactive dashboards and drill-down for supporting details.

High Visibility

Collaborate across departments and levels of the organization.

Steps You Can Take for ISO 27001 Management

Step 1

Identify and document threats, vulnerabilities, and impacts

Step 2

Design and implement a comprehensive program of information security controls

Step 3

Develop a management process to ensure that the information security controls continually meet information security needs

ISO 27001 Certification

The Lockpath platform enables a more efficient, more effective ISO 27001 certification process and ongoing audit management.

Learn more
Major Health Information Network Connects To Better Information Security

The nation's largest health information network, uses Lockpath for information security, operational risk management, as well as to impact decision making. Download the case study.

Learn more
Scalable Policy Management Helps Carnegie Robotics Earn ISO 9001:2008 Certification

With PolicyTech, Carnegie Robotics has been able to remain flexible as they added more employees and increased their number of policies and procedures.

Learn more