SystemExperts - Leadership in Security

Tel 888-749-9800
Tel 978-440-9388

 

ISO 17799/27002 Compliance Program
The roadmap to comprehensive and cost-effective security

SystemExperts's ISO 17799/27002 Compliance Program is a structured methodology designed to help companies build comprehensive and cost-effective enterprise security programs, ensuring that security resources are applied wisely and that efforts are focused on activities that will reduce real business risk. See our ISO Compliance Service announcement.

For years, organizations have been searching for an objective benchmark to measure the security of potential business partners and to distinguish the quality of their own services. ISO 17799/27002 is an international standard that defines an overarching security framework consisting of 133 specific controls organized around 36 control objectives. This balanced framework serves as the basis for both measuring an organization's effectiveness in addressing risk and structuring an organization's overall security program. Because ISO 17799/27002's requirements are largely a superset of other major regulations, achieving ISO 17799/27002 compliance positions most organizations to be well on their way to meeting the requirements of Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, and other pertinent regulations.

The ISO 17799/27002 Compliance Program consists of four parts: education, assessment, remediation, and communication. The education phase allows organizations to understand how the standard applies in the context of their unique business environment and risks. The assessment compares the company's practices to those specified in the standard. Next, the remediation phase allows companies to implement recommendations resulting from the assessment and achieve a level of compliance with the standard. After remediation is complete, SystemExperts provides a Compliance Statement for organizations to use with third parties to demonstrate their compliance with the standard. At each step, SystemExperts helps the organization identify security measures that address risks in a cost-effective manner.

SystemExperts's ISO 17799/27002 Compliance Program provides the following:

  • Encourages organizations to develop a security program that integrates business and technology

  • Helps to identify and prioritize specific tasks to improve security and achieve compliance

  • Focuses on activities that reduce real business risk

  • Positions companies to meet the security requirements of Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, and other pertinent regulations

  • Improves cross-functional (e.g., Legal, HR, lines of business) cooperation on security matters

  • Identifies deficiencies in security areas that are often overlooked

  • Encourages organizations to develop a balanced view of security that includes secure business processes, well-designed policies, and appropriate use of technology

  • Communicates to prospective customers, business partners, board members, employees, and regulators that the organization has a comprehensive security program in place
 
     

 

   
           
Copyright SystemExperts™ Corporation, 1995 - 2008.