Without an information security management system (ISMS) approach to policies and procedures, your well-intentioned internal controls may leave your financial data, intellectual property and employee records – and that of your clients – at risk.
The ISO/IEC 27001 framework represents the global gold standard for certifying that you have an ISMS process in place that effectively identifies material risks confronting digital information and paper records and ensures that a comprehensive suite of controls is created to address those risks.
The recently created ISO/IEC 27701 standard provides guidance for implementation, maintenance and continual improvement of an organization’s Privacy Information Management System (PIMS). A PIMS ensures effective management of personal data within a business.
Smith and Howard is among a very few full-service accounting and advisory firms in the U.S. accredited by the ANSI-ASQ National Accreditation Board (ANAB) to help your organization attain ISO 27001 certification. We are in the process of gaining the ability to perform ISO 27701 certification.
How we help
Smith and Howard’s transparent, project-management approach means we will map out each stage of your path to implementation, from a risk assessment that will define information security policies and ISMS scope to the compliance audit and interim assessments in years two and three. You’ll be clear and confident in the process before we get started. Once in progress, we stay true to our personal, responsive nature and communicate throughout so that you know where we are in the process and what’s next.
The process an accredited certification body brings to ISO 27001 / ISO 27701 certification is vital to your reaping the rewards of the commitment to a security and privacy framework.
An attestation from a full-service CPA firm offers your organization, as well as your clients and business partners, the highest level of assurance that your ISMS approach has been examined critically and independently. To ensure impartiality, as an accredited certification body providing ISO 27001 audits and certifications, we cannot provide you with management consulting, technology, implementation, or managed services (although certain tax work does not pose a conflict of interest). As an additional benefit, our ISO 27001 recommendations will serve as a foundation that helps your organization avoid potentially substantial non-compliance fines related to other data privacy laws and regulations, such as SOC 2 and HIPAA.