IT Consulting Case Studies
Information Security Management certification - ISO/IEC 27001:2005 - for a datacentre and business continuity company
To provide a high level of assurance to its clients, our client was striving to become ISO 27001 certified for information security management. The client has requested PwC to perform the complete lifecycle of this standard certification process including the trial, certification and surveillance audits for the whole organisation, composed of multiple resilience datacentres.
- Conduct a trial audit preceding the formal certification audit in order to assess the essential elements of the ISO 27000 providing guidance on implementation and compliance
- Conduct the certification audit, divided into the documentation and implementation phases to review the Information Security Management System (ISMS) and gather evidences of its implementation
- Conduct multiple surveillance audits according to the certification lifetime of 3 years, to ensure continuous ISO compliance of the ISMS
The complete audit process led to the ISO/IEC 27001:2005 certification and ensured its continuous compliance.