BS 25999 Certification Whitepapers Case Studies

Successful ISO27001 certification involves organizational commitment, a well-defined scope, a proven methodology and the leadership of a trusted partner.

Orange Parachute provides industry-leading information security expertise and helps organizations around the world achieve ISO27001 certification.

• Orange Parachute has led more successful ISO27001 certifications than any other information security management systems organization worldwide.
• Our unique tools, framework, and methodology for ISO implementation differentiate us from our competition.
• All of our consultants are certified auditors and know exactly what is required for an audit and ISO certification.
• In fact, Orange Parachute consultants train ISO27001 Lead Auditors as part of our associate consultancy with BSI.

Preparing for ISO27001 Certification
Orange Parachute will work with you to complete the necessary steps for certification of your organization's Information Security Management System. We develop the formal scope, domain definition, Statement of Applicability (SoA) and other documentation as needed. During this preparatory step, the Certification Body is scheduled to perform the ISO27001 certification audit.

ISO27001 Certification Audit

Stage 1:
The actual ISO27001 certification conformity audit is performed in two stages, typically six weeks apart. The first portion is a "stage 1 documentation review." During this phase, the lead auditor will request certain documentation elements. The purpose of this stage is to ensure that proper documentation of the ISMS exists and covers the general requirements.

Stage 2:
During the second phase, auditors interview staff to determine the validity of the Information Security Management System, including the actual implementation, use of processes, and staff competency.

Orange Parachute can help you through all or part of the certification audit process. Contact us to have our expert consultants prepare and review documentation and/or train staff to confidently execute ISO27001 auditor interviews.

ISO27001 Surveillance Audits
Surveillance audits are typically performed every six to twelve months, depending on the results of the initial ISO27001 certification audit. A typical audit of this type focuses on the non-conformities, recommendations, opportunities for improvement, and observations discovered in the initial certification audit. Orange Parachute experts and methods can help you enhance your system between audits and sustain preparedness in anticipation of surveillance audits.

Maintaining Compliance with Continuous Process Improvement
Continuous Process Improvement is a cornerstone of effective Information Security Management Systems and is critical to demonstrating ongoing management of an ISO27001-certified organization. Orange Parachute consultants will build multiple process components into an Information Security Management System that provide feedback and reveal areas for improvement.

Orange Parachute's ISO27001 / ISO27002 Services:

• ISO27001 Certification
• ISO27001 / ISO27002 Overview and Workshop
• ISO27001 / ISO27002 Training (Registrar Approved)
• ISO27001 / ISO27002 Readiness Assessment
• ISO27001 / ISO27002 Gap Analysis
• ISO27001 / ISO27002 Conformance Assessment
• Information Security Management System Development and Implementation
• Audit Advocacy

Contact Us for further information regarding our ISO27001 Certification services.