ISO 27001 Certification

ISO 27001

ISO 27001 is one of our specialties. Our Practice Lead, Waqar Mehboob, has over 22 years of experience in security compliance.

Many of our team members are not only experienced in ISO 27001 compliance but are themselves certified as ISO 27001 Lead auditors. We can help clients with the project scoping, and planning and support them throughout the execution journey. We can support clients all the way through the ISO 27001 certification audit and surveillance audit stages.

ISO 27001 Implementation

Canadian Cyber has an experienced team of trained professionals who have the skills and experience to help client organizations achieve ISO 27001 certification. Specific services can include the following:

  • Scoping
  • Gap assessment
  • Risk assessment
  • Risk treatment plans
  • Statement of applicability
  • Policies and procedures
  • Implementation support
  • Training for control owners, executives and internal auditor

 

ISO 27001 Internal audit

Internal audit is a requirement for ISO 27001. Canadian Cyber provides internal audits for ISO 27001. Specific services can include

  • Plan and conduct Internal Audits including control walkthroughs and testing
  • Prepare and submit the final audit report
  • Internal audit procedures
  • Internal Auditor training

Frequently Asked Questions (FAQs)

Q1: Is ISO 27001 certification enough for an organization’s security? 

Ans: ISO 27001 certification is the start of your cybersecurity journey and not the end of it. Canadian Cyber has experience with Small and Medium-sized Businesses (SMB) and can provide guidance on cost-effective ways to jumpstart the ISO 27001 project. We are ‘trusted advisors for our clients during this journey.

Q2: What is Information Security Management System (ISMS)? 

Ans: ISO 27001 framework (or ‘Information Security Program’ or ‘Information Security Management System ISMS’) is a combination of policies, procedures, people and technology systems for organizations to use and protect their information in an efficient and cost-effective way. The standard encourages a ‘risk-based approach’ rather than a ‘compliance checklist’ based approach. Canadian Cyber consultants have over 22 years of risk management experience and can assist clients in implementing meaningful, compliant and economically feasible ISMS.

Q3: How are ISO 27001 controls implemented? 

Ans:  After conducting a risk assessment and preparing (Statement of Applicability or SOA) in an organization, Canadian Cyber will implement ISO 27001 controls to fill those gaps with changes in security arrangements and some new procedures in the existing organization’s security arrangements. Canadian Cyber will provide not only advice and guidance but also the necessary training and, if required, human resourcing for the project.

Q4: Which latest ISO 27001 version is used nowadays? 

Ans: “ISO/IEC 27001:2022” is the latest version updated in OCT 2022; before that, “ISO/IEC 27001:2013” was followed.

Q5: What changed in ISO 27001:2022 version? 

Ans: “ISO/IEC 27001:2022” is the latest version updated in OCT 2022. Main updates include major changes in Annex A, which is almost 11 changes in controls of it and other minor changes are in the clauses. But overall, Annex A controls have decreased to 93 from 114. The main reason is due to the merging of controls. 57 controls were merged into 24 controls, some of the controls were renamed, and 11 new controls were added.

Q6. Which 11 new controls were added in the ISO/IEC27001:2022? 

Ans:  ISO/IEC27001:2022 added 11 new controls, which are:

  • A.5.7 Threat intelligence
  • A.5.23 Information security for the use of cloud services
  • A.5.30 ICT readiness for business continuity
  • A.7.4 Physical security monitoring
  • A.8.9 Configuration management
  • A.8.10 Information deletion
  • A.8.11 Data masking
  • A.8.12 Data leakage prevention
  • A.8.16 Monitoring activities
  • A.8.23 Web filtering
  • A.8.28 Secure coding

Q7: What is ISO 27701? 

Ans: “ISO/IEC 27701:2019” is a privacy extension of ISO 27001 & ISO 27002. It is an extension and next-level data security to ISO IEC 27001.  

Q8: What are the benefits of ISO 27001? 

Ans: There are many benefits of ISO 27001 standards, some are mentioned below:

  • Enhance the security of your data and information. It is a risk-based and gradual improvement in your organization’s security posture.
  • Customers find you more reliable than before. These days, it is becoming common to include this as a key requirement by customers. It is a prerequisite to do business.
  • Decrease threat level to your organization
  • You can differentiate from your competitors.
  • Decrease internal communication gaps in your organization
  • Increase the efficiency of your organization
  • Helps improve Business Continuity 
  • Meets the international security standards of your organization to get recognized in future.

Q9: What can Canadian Cyber do for you? 

Ans: Whether it is security hardening for a server or compliance with a cybersecurity standard, our clients trust our professional advice. And we don’t simply end there. We go to the next level to provide human resources and skills for implementation.
We offer a wide range of cybersecurity services, including implementation and consulting for ISO 27001, SOC 1&2, CIS, CMMC and VCISO services.   

Q10: Why choose Canadian Cyber? 

Ans: Canadian Cyber consists of a team of experienced professionals who have gained knowledge by working globally and continuously learning.
With more than 50 years of combined experience in cybersecurity, our team has exposure to the world’s top companies, making us experts in the cybersecurity domain. They work from different geographic regions and time zones, which helps bring various innovative ideas and methodologies to deliver outstanding services. Moreover, it also allows us to continue to assist clients around the clock.