ISO/IEC 27001 ISMS Precertification Audit - January 2018
Performed by Experis U.S., Inc.
Released January 2018
Download the Full Report here
Download the Report Highlights here
Atlanta Information Management (AIM) requested this audit to assess whether its ISMS (Information Security Management System) is ready to meet certification requirements. ISO/IEC 27001:2013 is the internationally recognized information security management standard. It focuses on establishing and maintaining processes that allow effective and sustainable risk management as threats, risks, and controls change over time.
We found:
- AIM and the Office of Information Security have strengthened information security since beginning the ISO 27001 certification project
- The current ISMS, however, has gaps that would prevent it from passing a certification audit
- Stakeholders perceive that the city is deploying security controls to protect information assets
- However, many processes are ad hoc or undocumented, at least in part due to lack of resources