ISO/IEC 27001 CERTIFICATION

AIT provides ISO 27001 Certifications to organizations that are ready to undergo their ISO audit. ISO 27001 is the internationally recognized standard that outlines the requirements for constructing a risk-based framework to initiate, implement, maintain, and manage information security within an organization. The standard, based on the Plan-Do-Check-Act model (PDCA), defines what an information security management system (ISMS) is, what is required to be included within the ISMS, and how management should form, monitor, and maintain the ISMS.

ISO 27001 Certification Services include:

  • Independent assessment to validate that the management system conforms to the ISO standard
  • Formal reports at the conclusion of each stage of the certification and surveillance review

Independent SOC assessments have become an important part of building trust between service providers and their clients. SOC 1 engagements are performed in accordance with Statement on Standards for Attestation Engagements (SSAE) 18, Reporting on Controls at a Service Organization. SOC 1 reports focus solely on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements. SOC 2 and SOC 3 engagements address controls at the service organization that relate to operations and compliance.

Certification Process

Initial Certification Review – Stage 1

Stage 1 is a preliminary informal review of the ISMS. This is typically performed onsite at the client location, and consists of a review of the key policy and process documentation.

Initial Certification Review – Stage 2

Stage 2 of the certification review is a more detailed and formal compliance audit. This is performed onsite at the client location(s) and includes in-depth testing to validate that the ISMS framework has been implemented, is monitored, and is maintained per ISO 27001 standard requirements and internal policies and procedures. Passing this stage results in the ISMS being certified compliant with ISO 27001.

Surveillance Audits

ISO 27001 certificates are valid for a three-year term. During this period a series of reviews called surveillance audits are required to be completed. These should take place at least annually but are often conducted more frequently, particularly while the ISMS is still maturing. A surveillance audit includes an onsite review to determine whether any material changes have been made to the ISMS and limited testing to confirm that the organization is continuing to follow the framework and controls.

SOC 2 reports specifically address one or more of the following five key system attributes / domains:

  • Security – The system is protected against both physical and logical unauthorized access
  • Availability – The system is available for operation and use as committed or agreed
  • Processing integrity – System processing is complete, accurate, timely and authorized
  • Confidentiality – Information designated as confidential is protected as committed or agreed
  • Privacy – Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA

SOC 2 Services include:

  • Gap Assessments – assess the controls in place to meet the Trust Services Principles and Criteria with the goal to ensure preparedness for the SOC 2 examination and help mitigate the risk of a qualified opinion or reporting exceptions.
  • SOC 2 Type 1 – Report on the service organization’s operational controls pertaining to the suitability of the design of controls intended to meet the selected Trust Services Principles and Criteria as of a point in time.
  • SOC 2 Type 2 – Report on the service organization’s operational controls pertaining to the suitability of the design and operating effectiveness of controls intended to meet the selected Trust Services Principles and Criteria over a specific period of time.

Get in Contact

No matter the budget, we pride ourselves on providing professional customer service. We guarantee you will be satisfied with our work. Our goal is to provide an experience that is tailored to your company’s needs.