Twitter

ISO 27002 Benchmark Assessment

SAS 70 Solutions provides assessments services based on the ISO/IEC 27000 series of standards. This includes ISO/IEC 27002 titled Information Technology - Security Techniques - Code of Practice for Information Security Management.

The ISO 27002 standard includes the following sections:

  • Risk assessment
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development and maintenance
  • Business continuity management
  • Compliance
Scoping

The scope of assessment can be an entire enterprise, a specific business unit, or domain of focus. In general, the scope should align with the ISO 27001 definition of an Information Security Management System (ISMS).

Deliverables

The primary deliverables of our ISO 27002 benchmark assessments include:

  • Detailed project plan for the assessment
  • Comprehensive information request list allowing the organization’s personnel to gather documentation in advance of fieldwork
  • Benchmarking report indicating areas of compliance and non-compliance with the standard
Who Should Consider an ISO 27002 Compliance Review?

The following are characteristics of the ideal candidate for ISO 27002 compliance review services:

  • Any organization, business unit/division, or product line, that seeks to benchmark its operations against the most widely adopted information security standard
  • Any organization that is required by its customers to be aligned with the ISO 27001 or 27002 framework
Back to Top