ISO 27001 CERTIFICATION

ISO 27001 Certification

Achieving ISO27001 certification remains the most widely recognised way for an organisation to demonstrate that they take the issue of information security seriously and that they are a business that a customer or business partner can trust.

Eporedia offers a full range of ISO 27001 services, from initial assessment of an organisation’s existing Information Security Management System (ISMS), to full ISO 17799 / ISO 27001 implementation programmes.

ISO 27001 and PCI DSS Compliance

Many companies are driven towards achieving PCI DSS compliance through necessity, however they soon realize that by also becoming ISO27001 certified at the same time they can achieve long-term compliance and implement not only the ‘quick fixes’ identified by the PCI DSS gap analysis, but also a complete culture change towards IT security within their business.

It is important to remember that achieving PCI DSS compliance at any given point in time does not meant to say your systems would be compliant at the time of a security breach. Heartland Payment Processing achieved compliance in early 2008 and announced a breach of 250,000 merchant accounts in January 2009.

Eporedia therefore recommend that any PCI DSS Compliance initiative be ISO27001 driven. With PCI DSS requirements kept in scope, a 27001-driven Compliance program can easily achieve PCI DSS compliance, and also presents a number of key benefits. The basic objective of the standard is to help establish and maintain an effective information management system, using a continual improvement approach. A Joint Security Team (JST) is established, which acts as the governing body not only for core compliance issues, but all other areas of information security within the organisation and its main 3rd party suppliers. This central body meets regularly to review all notable developments within the business with regards to cardholder data, and information security. Regular reviews by this group ensure that not only is PCI DSS compliance achieved but it is also maintained.

Eporedia will help you understand the both the ISO27001 and the PCI standards and specifically the spirit behind them, enabling you to make a informed decision as to the applicability of each control. We can help you prepare for your audit with our in-depth knowledge of the standards and the certification process.