Helping you achieve ISO/IEC 27001 compliance
Achieving ISO/IEC 27001 certification demonstrates to customers, partners and other stakeholders that an organisation is committed to managing information safely and securely.
The long road to an ISMS and ISO 27001 compliance can be daunting for any business. It can be difficult to understand and effectively prioritise the required compliance measures, particularly if in-house resources are stretched.
As an award-winning provider of cyber security and consultancy services, Redscan is well placed to help your organisation assess and improve its information security in line with ISO 27001 controls and demonstrate compliance with the GDPR and other regulatory requirements.
Stage 1 consists of a preliminary assessment of an organisation’s ISMS, including collation of security policy documentation. Two key documents are the Statement of Applicability (SoA) and Risk Treatment Plan (RTP).
Stage 2 includes a formal compliance audit where the ISMS is tested against ISO 27001 requirements. Organisations being assessed need to ensure they are able to produce documentation on the ISMS’s design and implementation, as well as evidence that it is being actively operated and maintained.
Organisations that pass Stage 2 are deemed ISO 27001 certified, but they must also go through a series of follow-up reviews and audits to confirm they remain compliant. This is recommended to happen at least annually, but typically takes place much more regularly while the ISMS is in its infancy.
ISO 27001 penetration testing
ISO 27001 certification is not an overnight process and most organisations will struggle to prepare for an audit without external assistance. The ability to identify and address vulnerabilities is critical to an ISMS, and the most effective way to do this is to implement a programme of regular security testing.
Objective A.12.6.1 of ISO 27001 states that information about technical security vulnerabilities should be obtained in a timely fashion, exposure to these vulnerabilities evaluated and appropriate measures taken to address the associated risks.
Redscan’s CREST-approved team of pen testing experts have extensive experience helping organisations across a range of sectors build security testing programmes. We provide in-depth risk analysis and complete post-test care to ensure identified vulnerabilities can be remediated in a timely fashion. Whether you’re looking for an internal/external network assessment, web app/mobile app test or custom phishing and social engineering simulation, our friendly team is here to help.
ISO 27001 incident management
One of the overarching requirements of an Information Security Management System is the development of a comprehensive suite of threat management controls that is monitored on an ongoing basis. Objective A.16.1 covers security incident management, including detection, response, and reporting.
Unless you have a large in-house security team dedicated to the task, it can be difficult to build the capabilities needed to detect and respond to threats on an ongoing basis. Kroll Responder is our outcome-focused Managed Detection and Response service that supplies the people, technology and cyber offensive intelligence required to proactively hunt for threats and shut them down as quickly as possible.
We work closely with our clients to identify their specific security risks and implement a solution that provides the tangible security outcomes needed to satisfy a wide range of use cases.
- A leading UK-based MDR and testing company
- An outcome-focused approach
- CREST-accredited SOC and red team
- In-depth threat analysis and remediation guidance
- Multi award-winning security services
- Avg. >9/10 customer service, 95% retention rate
Managed Detection and Response
Award-winning support to rapidly detect and respond to the latest threats 24/7
Specialist engagements to uncover and address hidden cyber security risks
Managed Security Services
Expert help to manage and monitor your choice of security technologies