
ISO 27000
ISO 27000 is a series of international standards that provide a model for establishing, operating, maintaining, and improving an Information Security Management System (ISMS). ISO 27001 provides specific best practices for an ISMS, which incorporate the information security requirements of many other regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act of 2002 (SOX), California Senate Bill 1386, and the Federal Information Security Management Act (FISMA). ISO 27005 extends ISO 27001, providing a risk management framework in which to implement and manage an effective Information Risk Management (IRM) strategy.
Neohapsis IRM Services provide a top-down, integrated approach, supported by proven governance models, risk management process models, and the NeoGRC ISO 27000 framework. The combination of Neohapsis’ consulting experience, the advanced research capabilities of Neohapsis Labs, and leading technology gives Neohapsis’ customers the ability to implement governance, risk, and compliance (GRC) initiatives that enable business resilience and agility and lower ongoing compliance costs.
The NeoGRC ISO 27000 Framework
ISO 27000 certification is performed by an accredited third party through a defined process that includes the assessment of internal controls management and reporting, risk assessment, remediation and improvement, documentation, and audit practices. The NeoGRC ISO 27000 framework supports these activities through:
- Objective management, goal setting, monitoring, and reporting
- Policy management, documentation, and audit
- Comprehensive risk library linked to ISO 27001 controls
- Business process automation to streamline event escalation and remediation
- Flexible workflows around processes, controls testing, and documentation
- Comprehensive reporting with graphical, interactive, and investigative capabilities
- KPI definition and categorization that can be applied to risk and control management information
- Comprehensive audit trails with detailed visibility into system changes, as well as trending analysis
