ISO/IEC Certification Audits and Assessments; we are ready when you are! Call +1 (888) 896-7580 today.

The professionals at Lazarus Alliance are completely committed to you and your business’ ISO 27000 certification audit (27001, 27017, 27018, and 27701). Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organization. Our competition may want to keep you and your employees in the dark where security, risk, privacy and governance are concerned, hoping to conceal their methodology and expertise. We don’t subscribe to that philosophy. We believe the best approach is transparent and built on a partnership developed on trust and credibility, creating sustainability within your organization.
ISO/IEC 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS).

ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.


ISO/IEC 27017 is a unique technology standard in that it provides requirements for the customer as well as the cloud service provider.

ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services. ISO/IEC 27017 provides controls and implementation guidance for both cloud service providers and cloud service customers.


ISO/IEC 27018 is a unique information technology code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, ISO/IEC 27018 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services. ISO/IEC 27018 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. ISO/IEC 27018 can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations.
ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls.
ISO/IEC 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. ISO/IEC 27701 specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing. ISO/IEC 27701 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.
ISO 22301 specifies the requirements for a management system to protect against, reduce the likelihood of and ensure your business recovers from disruptive incidents.
ISO/IEC 22301 specifies the requirements for a management system to protect against, reduce the likelihood of, and ensure your business recovers from disruptive incidents. ISO/IEC 22301 specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise. The ISO/IEC 22301 requirements specified are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.

Comprehensive ISO/IEC Pre-Assessment and Certification Audit Services

Once a company has made the decision to enlist a third party to provide a service, they want assurances that those services will be provided in a timely, accurate, and secure manner. An ISO 27000 certification audit shows your commitment to maintaining a sound control environment that protects your client’s data and confidential information.

Contact us for more information

Download our company brochure.


Lazarus Alliance’s ISO can provide an early stage gap analysis to determine what pieces of your ISMS are in place or what pieces are missing before you move forward to an informal pre-assessment or to the formal certification audit. The gap analysis is ideal for organizations who are in the process of finalizing their ISMS.
Lazarus Alliance’s ISO can provide a review of your ISMS and its operation essentially as a preview for the future audit. As part of this work, Lazarus Alliance will do a document review and interview employees and other key constituents. The pre-assessment’s objective is to determine the degree of conformance of your system to the ISO standard and provide a readiness level for the actual certification audit.

What to Expect

Through the successful completion of hundreds of audits around the world for organizations of all sizes, Lazarus Alliance has developed an efficient methodology and proprietary assessment protocols to evaluate the controls in place at your organization.

Differentiate yourself from your competitors by providing independent verification that your information security management system has met the requirements of this globally-recognized information security standard.

Certificates issued are valid for a three-year term, during which time observation audits and certification maintenance are periodically performed. Lazarus Alliance assessors conduct brief onsite reviews to ascertain if any material changes have been made to the ISMS as well as perform limited testing.
Lazarus Alliance’s ISO 27000 Audit (27001, 27017, 27018, and 27701) process initially takes just a few weeks from start to completion to baseline your organization depending on your team’s availability. The actual time to completion is typically well over six months following the conclusion of the performance period. We are cognizant that our clients have full time, everyday obligations in addition to dealing with auditors, so we are flexible to your needs and work around your schedule to provide a quality audit and report in the time frame you desire.
A significant differentiator you will immediately appreciate is our Proactive Cyber Security™ ISO 27000 Audit (27001, 27017, 27018, and 27701) methodology, which takes a continuous audit approach rather than the end-of-reporting-period "Audit Anarchy" approach taken by other firms. We will also utilize the Continuum GRC technology to set you up for success. Continuum GRC is a full-featured and highly collaborative assessment and reporting tool provided by Lazarus Alliance.
You will enjoy a reduction of expense on additional compliance efforts your organization may undertake. Common processes, procedures and controls implemented as part of ISO 27001, 27017, 27018, and 27701 conformance can be leveraged for other compliance efforts such as SSAE 16 (SOC 1, SOC 2, SOC 3), PCI DSS, HIPAA, and Sarbanes-Oxley (SOX).
Lazarus Alliance creates sustainable ISO 27000 certification partnerships with our clients. We have a proven methodology and project plan that helps our clients achieve compliance on budget and on schedule. You will come to appreciate our Service, Integrity and Reliability, which will be apparent to you from the very first call.

Certificate Directory

Lazarus Alliance maintains a public register for all certificates issued by the certifying body. The purpose of this registry is to enable third parties, who are in receipt of a certificate, to validate the legitimacy and currency of the document without having to contact a Lazarus Alliance representative.

We want to be your partner and ISO certification provider of choice! For additional information, please call 1-888-896-7580.