ISOIEC27001ComplianceRequestforQuote.docVIP

ISO/IEC 27001 Compliance Request for Quote Company Name: Which of the following does your organization need to consider in addition to ISO/IEC 27001? SAS 70 Six Sigma SSE CMM Penetration Tests CobIT FISMA ISO 9001 PCI Common Criteria Other: Which of the following standards does your organization need to comply with? Sarbanes-Oxley Act of 2002 California SB 1386 COPPA HIPAA European Data Protection FISMA Export Administration Regulations ISO/IEC 13335 PDD 63 Gramm Leach Bliley Act (GLBA) PCI DSS 1.1 Other Which of the following goals do you hope to achieve with ISO/IEC 27001 compliance? Prepare for ISO/IEC 27001 certification Improve overall security Meet customer requirements Meet legislative requirements Reduce the number of audits Adhere to company policy Reduce insurance cost Other: The ISMS scope defines the boundaries of the entity seeking to become ISO/IEC 27001 compliant. Examples of scopes can be found at: /ISMSscopes.htm. What is the scope of the proposed ISMS? How many sites will be part of the ISMS scope? What is the total number of employees at the sites included in the ISMS scope? Is your management committted to achieving and maintaining ISO/IEC 27001 compliance? Yes No What percentage of employees in the organization whose ISMS will be examined are familiar with ISO/IEC 27001? Very familiar and have some experience with ISO/IEC 27001: % Familiar, but do not have experience: % Not familiar: % Which of the following practices are used in your organization? Processes/Procedures Document management Record retention and record management processes Risk assessment Incident management process Programs Ongoing risk assessment Internal audit program Which of the following documents and records are available in your organization? ISMS Required Documents Management policy Scope of ISMS Risk assessment methodology Recent assets list document Statement of Applicability (SOA) Records Nonconformities Preventative