Demonstrating security compliance on an international scale usually involves building out a program adherent to ISO (International Organization for Standardization) standards is of utmost importance.
The ISO 27000 family encompasses all aspects of information security management, with ISO 27001 being the world’s best-known standard for information security systems. HanaByte excels at guiding organizations to be ready for an ISO 27k certification, creating guardrails and removing roadblocks for an information security program.
Perform workshops on ISO 27k processes – educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business
Deliverables
Delivery of a variety of workshops covering ISO 27k processes/authorization paths including topics of security continuous monitoring and response planning
Regular remote meetings to track progress that best fits your schedule
Personnel
Security Consultant(s) will be assigned to the engagement for a flat fee
Customer Responsibilities
Provide access to related documentation and in-scope systems
Guidance in assessing your existing services and its control implementations, infrastructure, detection and response policies, recovery procedures, and relevant documentation adherent to ISO 27k
Guidance through ISO 27k – educating key stakeholders, technical personnel, and support teams on a variety of topics.
Guidance on which key functions to prioritize in accordance with gaps in the organization.
Deliverables
Regular meetings regarding ISO 27k processes including topics of key functions
Regular meetings to provide recommendations with third party companies
Personnel
Security Consultant(s), billed hourly as needed for the engagement
Customer Responsibilities
Provide access to related documentation and in-scope systems
Assessment of your existing information security program and its control implementations, infrastructure, detection and response policies, recovery procedures, and relevant documentation in order to perform a gap analysis for ISO 27k
Creation of a report with a detailed roadmap of efforts in regards to people, processes, and technology with recommendations for all unmet requirements
Deliverables
Delivery of a variety of workshops covering ISO 27k processes/authorization paths including topics of security continuous monitoring and response planning
Regular remote meetings to track progress that best fits your schedule
Personnel
Security Consultant(s), billed 5 days full-days per week for the engagement
Expected turnaround time of engagement to be 2-3 months
Customer Responsibilities
Provide access to related documentation and in-scope systems
Assessment of your existing services and its control implementations, infrastructure, detection and response policies, recovery procedures, and relevant documentation in order to perform a gap analysis
Perform workshops on ISO 27k – educating key stakeholders, technical personnel, and support teams on a variety of topics. Workshops are interactive and are used to learn more about your business
Creation of a report with a detailed roadmap of efforts in regards to people, processes, and technology with recommendations for all unmet requirements
Deliverables
Detailed readiness assessment includes review of your environment, information security policies, procedures, personnel, and controls
Delivery of a variety of workshops covering ISO 27k including topics of security continuous monitoring and response planning
Remediation plan with detailed steps to resolve gaps within a feasible timeline and regular meetings to track progress
Personnel
Security Consultant(s), billed 5 days full-days per week for the engagement
One or more HanaByte Security Consultants may travel to your organization’s site to conduct hands-on assessment and workshops
Gap assessment and workshops may be conducted concurrently for a reduced turnaround time in the case of assignment of multiple HanaByte Security Consultants
Customer Responsibilities
Provide access to related documentation and in-scope systems
