ISO 27001 Compliance - Fractional CISO

ISO 27001 Compliance Services

We’ll lead your ISO 27001 compliance project, so you can earn your certification without giving up focus on business growth.

Why ISO 27001?

ISO 27001 is a cybersecurity certification created and maintained by the International Organization for Standardization (ISO). It is a somewhat rigid set of controls that, when properly implemented by any given organization, will ensure a good level of cybersecurity.

Many business-to-business customers are now demanding that their suppliers have strong cybersecurity programs – they will refuse to do business with vendors that can’t prove their security. Some are even requiring that their vendors obtain an ISO 27001 certification to provide proof and assurance that best practices are being followed.

This is particularly true in Europe, while SOC 2 is the preferred compliance standard in North America. However, many American companies are beginning to request ISO 27001 from their vendors now too.

How to get an ISO 27001 certification?

To get an ISO 27001 certification, an organization must build a cybersecurity program that meets the standard, then complete an audit with an ISO 27001-certified auditor.

If you’re already SOC 2 compliant, then your security program is in pretty good shape and earning an ISO 27001 certification will be more about small tweaks and creating lots of ISO 27001-specific documentation.

If you aren’t already SOC 2 compliant, then there will likely be a number of gaps in your cybersecurity program that need to be filled. Additionally, lots of ISO 27001 documentation will need to be created.

This takes some specialized talent and information, which few growing and midsize companies have access to.

Enter Fractional CISO

Fractional CISO (Chief Information Security Officer) helps organizations earn their ISO 27001 certification by providing them with a cybersecurity team consisting of an experienced Virtual CISO and a skilled cybersecurity analyst.

Fractional CISO plugs this cybersecurity team into your organization, giving you additional talent and bandwidth needed to build out a cybersecurity program and earn an ISO 27001 certification while reducing the overall cybersecurity workload that existing personnel are required to do.

Fractional CISO helps companies earn their ISO 27001 certification from start to finish, including the following services (and more!):

1Audit Preparation

Write the Statement of Applicability, risk treatment plan, and all other policies, procedures, and documentation required for ISO 27001.
Drive security program improvements, edit Information Security Management System (ISMS), and run management meetings
Select auditor, plan audit project, and scope project - including selection of included locations.

2Audit Management

3Ongoing Compliance

Help with Corrective Action Plan, monitor and measure audit results, fulfill risk treatment plan, and all other periodic security controls.
Provide ongoing compliance and security advice, recommend and help update all documentation as business continues to grow and evolve
Continue participation in all regular ISO 27001 Stage 2 audits going forward.

Want a case study?

This case study is about one of our SOC 2 clients, WayPath Consulting. While SOC 2 and ISO 27001 aren’t identical, the services we provide are similar to each. This case study will help you understand our methodology and the positive impact we have on companies when we help them improve their security programs and complete cybersecurity audits.

What our Clients are Saying

Fractional CISO analyzed our environment and made great security recommendations right away. Our technical team implemented many of their suggestions resulting in significantly reduced cybersecurity exposure within three months of starting the relationship. Thank you, Fractional CISO!

Lorna J. CFO Non-Profit Trade Group

Many of our enterprise customers were looking for assurance on how one of our new features works and that it is operating in a secure manner. We hired Fractional CISO in part to create a cybersecurity whitepaper to explain how our new feature is secure. They did an amazing job, resulting in better customer acceptance of the feature and we continue to work with them in other areas and departments of the company to review security.

Mehul A. VP Product and Engineering
Technology Company

We needed to improve our cybersecurity program to protect our rapidly growing business. Fractional CISO quickly integrated themselves with our team. They were able to provide great guidance for our security and privacy programs.

John P. CIO SaaS Company

We get a large number of customer security questionnaires. Fractional CISO has helped us respond effectively while creating a library of answers and building out our cybersecurity program. They even handle customer calls with our clients when they have cybersecurity questions.

Carl G. CEO SaaS Company

Our cybersecurity program has gotten off to a terrific start with the help from Fractional CISO. They’ve created and customized policies, helped us find and evaluate key vendors and assisted us in reducing risk, all in the first few months of our engagement!

Jeff H. CTO Consulting Company

One of our large financial services customers had a lot of security demands and we needed quick action. I emailed Fractional CISO in the middle of the night and seven hours later, we were a client! Now, as our security partner, Fractional CISO is helping us to manage this and other customers and their security expectations. They are also assisting us with maintaining our security program including assisting with SOC 2 and ISO 27001.

Mark H. CEO SaaS Company

We now have a SOC 2 program in place! Fractional CISO got us from start to a SOC 2 Type 1 Attestation Report in just a few months. They helped us put the controls in place, helped us make process changes and are now helping us maintain the program.

Scott M. CEO Life Sciences Company

Fractional CISO helped us get a handle on our cybersecurity program. We now have a stronger compliance program for both ISO 27001 and GDPR and are able to better manage our cybersecurity risk.

Richard L. CIO Consulting Company

Fractional CISO was instrumental in helping us build and execute our cybersecurity plan. We now are operating at a lower risk level and we are able to close more deals due to our better cybersecurity profile.

Jeff D. COO Fintech Provider