ISO 27001 is one of our specialties. Our Practice Lead, Waqar Mehboob, has over 22 years of experience in security compliance.
Many of our team members are not only experienced in ISO 27001 compliance but are themselves certified as ISO 27001 Lead auditors. We can help clients with the project scoping, and planning and support them throughout the execution journey. We can support clients all the way through the ISO 27001 certification audit and surveillance audit stages.
Canadian Cyber has an experienced team of trained professionals who have the skills and experience to help client organizations achieve ISO 27001 certification. Specific services can include the following:
Internal audit is a requirement for ISO 27001. Canadian Cyber provides internal audits for ISO 27001. Specific services can include
Ans: ISO 27001 certification is the start of your cybersecurity journey and not the end of it. Canadian Cyber has experience with Small and Medium-sized Businesses (SMB) and can provide guidance on cost-effective ways to jumpstart the ISO 27001 project. We are ‘trusted advisors for our clients during this journey.
Ans: ISO 27001 framework (or ‘Information Security Program’ or ‘Information Security Management System ISMS’) is a combination of policies, procedures, people and technology systems for organizations to use and protect their information in an efficient and cost-effective way. The standard encourages a ‘risk-based approach’ rather than a ‘compliance checklist’ based approach. Canadian Cyber consultants have over 22 years of risk management experience and can assist clients in implementing meaningful, compliant and economically feasible ISMS.
Ans: After conducting a risk assessment and preparing (Statement of Applicability or SOA) in an organization, Canadian Cyber will implement ISO 27001 controls to fill those gaps with changes in security arrangements and some new procedures in the existing organization’s security arrangements. Canadian Cyber will provide not only advice and guidance but also the necessary training and, if required, human resourcing for the project.
Ans: “ISO/IEC 27001:2022” is the latest version updated in OCT 2022; before that, “ISO/IEC 27001:2013” was followed.
Ans: “ISO/IEC 27001:2022” is the latest version updated in OCT 2022. Main updates include major changes in Annex A, which is almost 11 changes in controls of it and other minor changes are in the clauses. But overall, Annex A controls have decreased to 93 from 114. The main reason is due to the merging of controls. 57 controls were merged into 24 controls, some of the controls were renamed, and 11 new controls were added.
Ans: ISO/IEC27001:2022 added 11 new controls, which are:
Ans: “ISO/IEC 27701:2019” is a privacy extension of ISO 27001 & ISO 27002. It is an extension and next-level data security to ISO IEC 27001.
Ans: There are many benefits of ISO 27001 standards, some are mentioned below:
Ans: Whether it is security hardening for a server or compliance with a cybersecurity standard, our clients trust our professional advice. And we don’t simply end there. We go to the next level to provide human resources and skills for implementation.
We offer a wide range of cybersecurity services, including implementation and consulting for ISO 27001, SOC 1&2, CIS, CMMC and VCISO services.
Ans: Canadian Cyber consists of a team of experienced professionals who have gained knowledge by working globally and continuously learning.
With more than 50 years of combined experience in cybersecurity, our team has exposure to the world’s top companies, making us experts in the cybersecurity domain. They work from different geographic regions and time zones, which helps bring various innovative ideas and methodologies to deliver outstanding services. Moreover, it also allows us to continue to assist clients around the clock.