
                                                                                                                                                                                                                                                ISO IEC 27001/27002

                                                                                                                                                                                                                                                An organization’s processes and assets change over time. As a result, any Information Security Management System implementation has to be reviewed regularly to ensure that the processes are growing according to the organizational needs and business.

Moreover, it is mandatory to renew Information Security Management System certification after a specific duration. As a result, organizations which have already been certified are required to periodically review their Information Security Management Systems to ensure that they are compliant with the regulations.

Keeping this in mind, Appin has come up with a unique methodology to review existing Information Security Management Systems to ensure compliance management. The service includes audits for processes as well as technology.

                                                                                                                                                                                                                                                The various steps taken by Appin to ensure your compliance are:

• A Technical Audit of your IT assets, including a comprehensive Vulnerability Assessment and Penetration Testing exercise for the IT assets of the organization. The IT assets usually include database servers, Exchange servers, web servers, application servers, firewalls, routers, and switches. Once all the IT assets have been audited, a Risk Assessment sheet is prepared and provided to the client, along with comprehensive and detailed reports for all IT assets and patch recommendations. Unlike most other vendors, Appin considers patching up vulnerabilities as a part of the project. As a result, we provide detailed and customized patches for all found vulnerabilities and support the IT development team / IT vendors of the client to implement the patches. Once all the patches have been implemented, a regression test is conducted to ensure successful implementation of all patches and reduction in the Risk score of the organization.
                                                                                                                                                                                                                                                • A Process Level Audit, which is a comprehensive review of the policies and standards deployed in the organization. This is done by reviewing the current documentation being used. Based on that, security policies are revised or new security policies are framed depending upon new changes in the structure or introduction of new processes in the organization.

                                                                                                                                                                                                                                                Information Security Management System:

                                                                                                                                                                                                                                                For a well organized and coordinated growth of the industry, standardization has become a necessity. With business having a global perspective the implementation of Information Security Management Systems (ISMS), in particular acknowledged standards like ISO 27001, becomes both ever more necessary and ever more popular.

                                                                                                                                                                                                                                                In fact, an ISMS has almost become mandatory for organizations active in different parts of the globe since it ensures a strong factor of credibility in the minds of their customers and clients.

At Appin we implement an ISMS customized to your needs. Each client is unique, and though we do have a repeatedly and successfully employed framework to base your ISMS upon, the actual implementation is highly customized according to your needs. In fact, we are so confident in our ability to add value for you, and provide you with a sound, reliable and secure ISMS of global quality, that we guarantee you will pass an ISO 27001 certifying audit. We can even maintain the certification for you, taking care of all necessary logs and internal audits.

                                                                                                                                                                                                                                                Why Appin Recommends ISO 27001 As the Benchmark for ISMS

                                                                                                                                                                                                                                                ISO 27001 is a globally acknowledged standard defining the requirements for an Information Security Management System (ISMS). The standard considers Information Security as a combination of people, process, and technology.

The standard is globally acknowledged and comprehensive. It is also easily integrated with other standards of the ISO family, particularly with ISO 9001. ISO 20000, the service delivery standard, is easily added on.

                                                                                                                                                                                                                                                That way ISO 27001 enables companies to measure the risk to their information and ensure the selection of adequate and proportionate security controls that protect information assets, thus enhancing confidence of the organization's stakeholders. At the same time ISO 27001 streamlines business processes and facilitates implementing other standards.

                                                                                                                                                                                                                                                The Roadmap to your Certified Information Security Management System

                                                                                                                                                                                                                                                1. Risk Assessment 

                                                                                                                                                                                                                                                People, Processes, Technology. The assets on which your company is running. Are they secure? And thus, is your business secured?

Do you really know which risks your business is facing? How likely are those risks to happen? What can you do to mitigate those risks? These are the questions addressed in the Risk Assessment phase, by assessing the three critical pillars: People, Processes, Technology. On the technology front, that includes Appin's world-class Vulnerability Assessment and Penetration Testing.

                                                                                                                                                                                                                                                The results of the risk assessment are of crucial importance as they will form the basis for all policies, processes and security measures you will take. Guiding thoughts during this process include:

• A prioritization of potential business disruptions based upon severity and likelihood of occurrence.
                                                                                                                                                                                                                                                • The impact of various business disruption scenarios on both the organization and its stakeholders. During this step business processes and business impact analysis assumptions are stress tested with various threat scenarios.
                                                                                                                                                                                                                                                • The loss impact on information services, technology, personnel, facilities, and service providers from both internal and external sources.
                                                                                                                                                                                                                                                • The safety of critical processing documents and vital records.
                                                                                                                                                                                                                                                • A gap analysis comparing the institution's existing BCP, if any, to what is necessary to achieve recovery time and point objectives.
• A broad range of possible business disruptions, including natural, technical, and human threats. Note: if the threat scenarios developed are unreasonably limited, the resulting BCP may be ineffective.


During all these steps, an experienced Appin security expert guides and consults you to ensure that your risk assessment is conducted effectively and efficiently and yields meaningful and actionable results.

                                                                                                                                                                                                                                                2. Designing and Implementing Your Security Framework

Traditionally, organizations have relied on policies to communicate high-level directives from management. These documents, once issued, provide top-down influence for everyone in the company, from business units to departments to individual employees. Furthermore, these policies were typically developed at one point in the organization's evolution to capture the environment as it was then. One of the major challenges for an organization in this area is the continued growth and adaptation of the policies to mirror the transformation within the organization.

This is where Appin has come up with a unique methodology to design and implement the security framework.


                                                                                                                                                                                                                                                3. Documenting Your Information Security Management System

Documentation and certification are among the most critical phases of any ISMS. Appin ensures that all relevant documentation required for the ISMS is prepared and that logs of relevant policies are maintained for at least one month before the external compliance audit takes place.

The documentation includes:
                                                                                                                                                                                                                                                • Asset Register
                                                                                                                                                                                                                                                • Risk Assessment Matrix
                                                                                                                                                                                                                                                • Risk Treatment Plan
                                                                                                                                                                                                                                                • Information Security Management Policy
                                                                                                                                                                                                                                                • Procedure Manual
                                                                                                                                                                                                                                                • Business Continuity Plan
                                                                                                                                                                                                                                                • Disaster Recovery Plan

The details and scope of the documentation will depend on your requirements. Whatever these requirements are, we will help you to meet them.


                                                                                                                                                                                                                                                4. Acquiring and Maintaining Your ISMS Certification 

After an internal security audit of processes, people and technology, we coordinate with the certifying body and invite them to our client's organization to carry out an external audit and provide certification. Appin has tied up with Intertek, a globally renowned certification body, for carrying out external audits and certifying the organization as ISO 27001 compliant.
And, as we promised you at the beginning, we guarantee you will pass. We can even maintain the certification for you, taking care of all necessary logs, internal audits and adjustments in your ISMS systems. Customized, easy, effective. Just according to your needs.