ISO/IEC Certification Audits and Assessments; we are ready when you are! Call +1 (888) 896-7580 today.
The professionals at Lazarus Alliance are completely committed to you and your business’ ISO 27000 certification audit (27001, 27017, 27018, and 27701) and ISO 9000 certification audit (9001 and 90003) and others. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organizations. Our competition may want to keep you and your employees in the dark where security, risk, privacy and governance are concerned, hoping to conceal their methodology and expertise. We don’t prescribe to that philosophy. We believe the best approach is transparent and built on a partnership developed on trust and credibility, creating sustainability within your organization.
ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
ISO/IEC 27017 gives guidelines for information security controls applicable to the provision and use of cloud services by providing additional implementation guidance for relevant controls specified in ISO/IEC 27002 and additional controls with implementation guidance that specifically relate to cloud services. ISO/IEC 27017 provides controls and implementation guidance for both cloud service providers and cloud service customers.
ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, ISO/IEC 27018 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services. ISO/IEC 27018 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. ISO/IEC 27018 can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations.
ISO/IEC 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. ISO/IEC 27701 specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing. ISO/IEC 27701 is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.
ISO/IEC 22301 specifies the requirements for a management system to protect against, reduce the likelihood of, and ensure your business recovers from disruptive incidents. ISO/IEC 22301 specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise. The ISO/IEC 22301 requirements specified are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
Learn more ..
ISO/IEC 9001 Quality Management sets out the criteria for a quality management system and is the only standard in the family that can be certified to. It can be used by any organization, large or small, regardless of its field of activity. The ISO/IEC 9001 is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. Using ISO/IEC 9001 helps ensure that customers get consistent, good-quality products and services, which in turn brings many business benefits.
ISO/IEC 90003 Software engineering - guidelines for the application of ISO 9001 to computer software provides guidance for organizations in the application of ISO/IEC 9001 to the acquisition, supply, development, operation and maintenance of computer software and related support services. Organizations can consider it useful to implement the guidelines in the ISO/IEC 90003 and can be interested in knowing whether the resultant quality management system is compliant or not with the ISO/IEC 90003. An organization can use both the ISO/IEC 90003 and ISO/IEC 9001 as assessment criteria for quality management systems in the software domain.
ISO/IEC 30141 Internet of Things (loT) - IoT can be integrated into existing technologies. Real-time measurements generated by adding sensors to existing technology can improve its functionality and lower the cost of operations (e.g. smart traffic signals can adapt to traffic conditions, lowering congestion and air pollution). The data generated by IoT sensors can support new business models and tailor products and services to the tastes and needs of the customer. In addition to the applications, the technology needs to support supervision and adaptation of the IoT system itself. An organization can use both the ISO/IEC 27018 and ISO/IEC 30141 as assessment criteria establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with Internet of Things (loT) systems.
Comprehensive ISO/IEC Pre-Assessment and Certification Audit Services
Once a company has made the decision to enlist a third party to provide a service, they want assurances that those services will be provided timely, accurately, and securely. A ISO 27000 certification audit shows your commitment to maintaining a sound control environment that protects your client’s data and confidential information.
Contact us for more information
Lazarus Alliance’s ISO can provide an early stage gap analysis to determine what pieces of your ISMS are in place or what pieces are missing before you move forward to an informal pre-assessment or to the formal certification audit. The gap analysis is ideal for organizations who are in the process of finalizing their ISMS.
Lazarus Alliance’s ISO can provide a review of your ISMS and its operation essentially as a preview for the future audit. As part of this work, Lazarus Alliance will do a document review and interview employees and other key constituents. The pre-assessment’s objective is to seek the degree of conformance of your system to the ISO standard and provide a readiness level for the actual certification audit.
What to Expect
Through the successful completion of hundreds of audits around the world for organizations of all sizes, Lazarus Alliance has developed an efficient methodology and proprietary assessment protocols to evaluate the controls in place at your organization.
Differentiate yourself from your competitors by providing independent verification that your information security management system has met the requirements of this globally-recognized information security standard.
Certificates issued are valid for a three-year term, during which time observation audits and certification maintenance is periodically performed. Lazarus Alliance assessors conduct brief onsite reviews to ascertain if any material changes have been made to the ISMS as well as perform limited testing.
Lazarus Alliance’s ISO 27000 Audit (27001, 27017, 27018, and 27701) process initially takes just a few weeks from start to completion to baseline your organization depending on your team’s availability. The actual time to completion is typically well over six months following the conclusion of the performance period. We are cognizant that our clients have full time, everyday obligations in addition to dealing with auditors, so we are flexible to your needs and work around your schedule to provide a quality audit and report in the time frame you desire.
A significant differentiator you will immediately appreciate is our Proactive Cyber Security™ ISO 27000 Audit (27001, 27017, 27018, and 27701) methodology which take a continuous audit approach rather than the end of reporting period Audit Anarchy approach by other firms. We will also utilize the Continuum GRC technology to set you up for success. Continuum GRC is a full-featured and highly collaborative assessment and reporting tool provided by Lazarus Alliance.
You will enjoy a reduction of expense on additional compliance efforts your organization may undertake. Common processes, procedures and controls implemented as part of ISO 27001, 27017, 27018, and 27701 conformance that would be leveraged for other compliance efforts such as SSAE 16 (SOC 1, SOC 2, SOC 3), PCI DSS, HIPAA, and Sarbanes-Oxley (SOX).
Lazarus Alliance creates sustainable ISO 27000 certification partnerships with our clients. We have a proven methodology and project plan that helps our clients achieve compliance on budget and on schedule. You will come to appreciate our Service, Integrity and Reliability which will be apparent to you from the very first call.
Certificate Directory
Lazarus Alliance maintains a public register for all certificates issued by the certifying body. The purpose of this registry is to enable third parties, who are in receipt of a certificate, to validate the legitimacy and currency of the document without having to contact a Lazarus Alliance representative.