Maturity Level Analysis
The secure operation of information technology in companies is complex. Numerous technical, organizational and personnel aspects must be taken into account. In addition, legal regulations mandate the implementation of certain security concepts.
Objective
Evaluation of the technical, organizational and personnel security measures in accordance with ISO/IEC 27001, and development of optimization measures
Question
Do the existing security measures meet the requirements of ISO/IEC 27001, and what further measures are necessary for successful certification?
Scope
The entire IT environment, defined sub-areas, and company buildings/premises (locations)
Procedure
The Maturity Level Analysis is based on comprehensive interviews with the IT and system managers using detailed questionnaires, on reviews of documentation, and on site inspections. The assessment materials used are proven in practice and aligned with ISO/IEC 27001.
In more complex IT environments, the assessment is generally performed by two auditors who share responsibility for audit management, interviewing and documentation of responses.
It is recommended that the analysis be carried out in combination with a technical assessment (e.g. vulnerability analysis, penetration test, etc.), since interviews and document reviews establish what is intended and documented, while only a technical assessment confirms what is actually in place.
Components
The following areas are covered in the assessment:
- Management & organization
- Technology & operation
- BCM & emergency plan
- Physical security
- Contractual relationships
- Software development & maintenance (optional)
- Cloud computing (optional)
Result
In addition to the presentation of results within the questionnaires and the identification of necessary measures, the results are also displayed in radar charts. These are well suited to presenting the current state of information and IT security to management.