HighGate’s compliance experts can help make your site ISO 27001 compliant
HighGate’s advanced penetration tests and testers will support your ISO 27001 certification, conformity and re-certification.
ISO 27001 can be an important milestone in the growth of a company. The loss of that certification can be very damaging to a brand.
HighGate provides the penetration testing necessary to support ISO 27001 conformity and certification and identify threats and vulnerabilities to ensure our clients remain compliant.
What is ISO 27001?
ISO 27001 Information Security Management Systems is a certification standard from the International Standards Organization (ISO).
Accredited certification to ISO/IEC 27001 standards satisfies existing and potential customers that an organization has determined and implemented best-practice information security processes. ISO 27001 is the only auditable international standard that defines the requirements of an Information Security Management System (ISMS) which is a set of policies, procedures, processes and systems that manage information risks.
The ISO process requires that companies compliant with ISO 27001 must continuously test and asses the ISMS for new vulnerabilities or weaknesses that can emerge from changes to a system’s architecture, upgrading of software, integration of new hardware of other significant changes. HighGate’s code reviews, IT architecture reviews and compliance testing can be well utilized.
Within ISO 27001, Control measure 14.1.1, Information security requirements analysis and specification and control measure A.12.6.1 – Technical vulnerability management are areas where the ISO process recommends anticipating vulnerabilities and testing for them.
While there are no stated requirements for penetration testing in ISO 27001 as mentioned above, there are several control measures where penetration testing will help a company achieve 27001 certifications as well as help satisfy it’s use of “best practices” in implementing the ISMS.
What about E-Commerce?
Businesses that deploy E-commerce solutions (most big retailers and online-only businesses) can use web application penetration testing as a way to determine the degree to which a web application is protected or not from fraudulent activity or unauthorized disclosure. In addition, companies utilizing e-commerce must be PCI DSS 3.2 compliant, and that compliance standard mandates penetration testing, requiring the business to conduct penetration testing by a certified auditor.
Businesses that rely on the Internet for critical activities (supply-chain, e-commerce, customer communications, customer applications ) could be exposed to many cyber dangers.