ISO 17799/27001

BUSINESS CHALLENGE
In today's business climate, many organizations are required to show due diligence for information security and I.T. controls in order to work with other companies, or even to stay in business. Many companies now ask that their business partners have an independent verification of their I.T. and information security controls. Even companies that aren't required by regulation to improve their security now want to know that their enterprise information security program is properly designed and effective, and want to be able to demonstrate this to their partners.

A number of businesses have tried to define their own best practices, but these encounter skepticism if they are not based on a standard. ISO 17799 and 27001 are internationally recognized as a structured information security framework. However, most organizations may not have staff members who are familiar with the standard.

COVESTIC'S SOLUTION
Covestic provides consultants with the distinct disciplines necessary to enable an organization to successfully implement an ISO 17799 and 27001-compliant control framework. Covestic's team of veteran consultants is skilled in the design, implementation, and remediation of specific IT and information security controls.

For ISO 17799 and 27001 compliance, Covestic begins by examining the client's information assets, the expected impact of asset loss, asset threat scenarios, and the net risk. This is an essential path to establishing the Information Security Management System that is the core of an ISO 27001-compliant organization.

Covestic's next phase is designing and implementing the proper controls. This often involves documentation and process improvements along with hardware and software solutions. An important aspect of the ISO standard is that, in addition to being effective, controls are also designed to be auditable.

In the final phase, we prepare our customers for the actual certification audit by performing a control validation. Covestic will also assist in the preparation of the Statement of Applicability for the identified controls for submission to the certifying auditor.

COVESTIC ADVANTAGE
Founded on the principle that seasoned experts representing a combination of consulting and practical application experience are a critical component of technology-based initiatives, Covestic employs more than eighty industry-recognized consultants who have fostered the growth of information technology and related disciplines. Covestic team members are drawn from a variety of well-respected professional services firms and technology-oriented industry players to compose integrated, cross-disciplined teams. With expert professionals in all aspects of I.T. security consulting and business risk management, Covestic teams have successfully designed and implemented security solutions for local, state, and federal government agencies, and for Fortune 500 firms.

 

Covestic Helps Telecommunications Company Successfully Address Control Gaps
A major US wireless carrier knew that meeting SOX requirements was going to be challenging. The company had some key legacy systems and operations that had limited controls and reporting capabilities…

Large Internet Content Provider Leverages Covestic's Expertise to Achieve SOX Regulatory Compliance
An Internet content company lacks formal structure around its business operations as a result of rapid growth and the need for constant innovation. The company has millions of subscribers…

Glossary of Common Business Regulations and Industry Standards

©2007 Covestic Inc. All Rights Reserved.