BS 25999 Certification Whitepapers Case Studies

Successful ISO 27001 certification involves organizational commitment, a well-defined scope, a proven methodology and the leadership of a trusted partner.

Orange Parachute provides industry-leading information security expertise and helps organizations around the world achieve ISO 27001 certification.

• Orange Parachute has led more successful ISO 27001 certifications than any other information security management systems organization worldwide.
• Our unique tools, framework, and methodology for ISO implementation differentiate us from our competition.
• All of our consultants are certified auditors and know exactly what is required for an audit and ISO certification.
• In fact, Orange Parachute consultants train ISO 27001 Lead Auditors as part of our associate consultancy with BSI.

Preparing for ISO 27001 Certification
Orange Parachute will work with you to complete the necessary steps for certification of your organization's Information Security Management System. We develop the formal scope, domain definition, Statement of Applicability (SoA) and other documentation as needed. During this preparatory step, the Certification Body is scheduled to perform the ISO 27001 certification audit.

ISO 27001 Certification Audit

Stage 1:
The actual certification audit is performed in two stages, typically six weeks apart. The first portion is a "stage 1 documentation review." During this phase, the lead auditor will request certain documentation elements. The purpose of this stage is to ensure that proper documentation of the ISMS exists and covers the general requirements.

Stage 2:
During the second phase, auditors interview staff to determine the validity of the Information Security Management System, including the actual implementation, use of processes, and staff competency.

Orange Parachute can help you through all or part of the certification audit process. Contact us to have our expert consultants prepare and review documentation and/or train staff to confidently execute ISO 27001 auditor interviews.

ISO 27001 Surveillance Audits
Surveillance audits are typically performed every six to twelve months, depending on the results of the initial ISO 27001 certification audit. A typical audit of this type focuses on the non-conformities, recommendations, opportunities for improvement, and observations discovered in the initial certification audit. Orange Parachute experts and methods can help you enhance your system between audits and sustain preparedness in anticipation of surveillance audits.

Maintaining Compliance with Continuous Process Improvement
Continuous Process Improvement is a cornerstone of effective Information Security Management Systems and is critical to demonstrating ongoing management of an ISO 27001-certified organization. Orange Parachute consultants will build multiple process components into an Information Security Management System that provide feedback and reveal areas for improvement.

Orange Parachute's ISO 27001 / ISO 27002 Services:

• ISO 27001 Certification
• ISO 27001 / ISO 27002 Overview and Workshop
• ISO 27001 / ISO 27002 Training (Registrar Approved)
• ISO 27001 / ISO 27002 Readiness Assessment
• ISO 27001 / ISO 27002 Gap Analysis
• ISO 27001 / ISO 27002 Conformance Assessment
• Information Security Management System Development and Implementation
• Audit Advocacy

Contact Us for further information regarding our ISO 27001 Certification services.