Overview
A-LIGN's ISO 27001 certification services offer a comprehensive solution for companies looking to demonstrate that their Information Security Management System (ISMS), covering the in-scope AWS services (EC2, S3, RDS, Lambda, VPC, CloudWatch Logs, etc.), conforms to international standards. This certification provides assurance to customers and stakeholders that a company can manage the security of its digital and physical assets, reduce the likelihood and impact of security incidents, and identify issues through nonconformities.
A-LIGN's ISO 27001 certification services include ISO 27701 and ISO 22301 certification, readiness assessments, and gap assessments for those new to A-LIGN or moving from version 2013 to 2022. ISO 22301 pertains to business continuity management systems, while ISO 27701 integrates security obligations regarding personally identifiable information (PII) into an organization's ISMS and addresses GDPR concerns.
Completing an ISO 27001 assessment with A-LIGN automatically fulfills more than half the requirements for SOC 1, SOC 2, and HIPAA controls. A-LIGN offers a single-provider, end-to-end automation and audit process with A-SCEND, allowing customers to do more with fewer resources and save time and money without adding headcount. A-LIGN has 2K+ ISO assessments, 20+ years of ISO audit experience, 4K+ global cybersecurity clients, and a 96% client satisfaction rating. A-LIGN helps build a compliance strategy, not just a transaction, by offering multiple frameworks and partnering with customers to understand their business, resulting in less duplication of requests and less effort to complete the audit. A-LIGN also has an extensive network and proven track record of working with advisory partners who can help complete the readiness and implementation procedures.
ISO 27001 certifications are broken up into two stages to ensure that the organization's Information Security Management System (ISMS) meets the standard's requirements.
Stage 1 and Stage 2 Activities for ISO 27001 Certification:
Stage 1:
During Stage 1, A-LIGN will review the organization's ISMS documentation to ensure that it meets the requirements of ISO 27001. A-LIGN will also verify the organization's readiness for a Stage 2 audit. This stage is typically completed on-site, although it can also be done remotely.
The objectives of the Stage 1 audit include:
- Reviewing the organization's ISMS documentation
- Confirming that the documentation is complete and meets the requirements of ISO 27001
- Verifying the organization's readiness for a Stage 2 audit
- Providing feedback and recommendations to the organization on any areas that need improvement before the Stage 2 audit
Stage 2:
During Stage 2, A-LIGN will conduct a comprehensive audit of the organization's ISMS to ensure that it is being implemented effectively and is meeting the requirements of ISO 27001. This stage is typically completed on-site, although it can also be done remotely.
The objectives of the Stage 2 audit include:
- Evaluating the effectiveness of the organization's ISMS in meeting the requirements of ISO 27001
- Verifying the implementation of controls identified in the Stage 1 audit
- Assessing the organization's performance against its own policies and objectives
- Identifying any areas of nonconformity and recommending corrective actions
- Providing the organization with a report of the audit findings, including any nonconformities, observations, and recommendations for improvement
The two-stage approach provides a systematic and thorough assessment of the organization's ISMS, allowing any deficiencies to be identified and remedied before certification. This approach ensures that the certification process is rigorous and that the organization's ISMS meets the requirements of ISO 27001.
For custom pricing and audit packaging, or a demo, please contact aws-marketplace@a-lign.com.
Highlights
- A-LIGN has conducted over 2,000 ISO assessments and has more than 20 years of experience in ISO audits. With over 4,000 global cybersecurity clients, A-LIGN has a proven track record in providing high-quality certification services.
- 96% client satisfaction rating. Comprehensive compliance strategy, not just a transaction. ISO 27001 certification fulfills over half of SOC 1, SOC 2, and HIPAA requirements. Efficient solutions, saving resources. A-SCEND platform combines automation and human expertise for a seamless audit process. Range of frameworks and understanding of your business minimizes duplication and effort.
- We have a strong network and successful history of collaborating with advisory partners for readiness and implementation procedures. Our partners develop policies, perform risk assessments, define scope and processes, and prepare you for the audit, while the auditor, a separate firm, conducts the actual audit.
Pricing
Custom pricing options
Support
Vendor support
For support, please contact aws-marketplace@a-lign.com