Stage 1 – Information Security & ISO/IEC 27001 Readiness Assessment
Worldwide
Scope of Assessment The successful applicant will conduct an independent desktop assessment of the organisation's Information Security Management System (ISMS), governance framework, security documentation, technical controls and supporting evidence. The assessment will evaluate whether the organisation's information security arrangements are appropriately designed, implemented and supported by sufficient evidence to satisfy the expectations of enterprise customers undertaking supplier security due diligence. The review will include, where available, the following: 1. Information Security Governance Review the organisation's ISMS governance documentation, including: Information Security Policy ISMS Scope Information Security Objectives Risk Assessment Methodology Risk Register Risk Treatment Plan Statement of Applicability (if available) Legal and Regulatory Requirements Internal Audit Programme (if available) Management Review Records (if available) 2. Security Policies and Procedures Review the organisation's documented security policies and procedures for completeness, suitability and alignment with recognised information security good practice, including: Information Security Acceptable Use Access Control Password Management Encryption Asset Management Data Classification Data Retention and Disposal Risk Management Supplier Security Incident Response Business Continuity Disaster Recovery Backup and Recovery Change Management Vulnerability Management Secure Configuration Logging and Monitoring Cloud Security Network Security Mobile Device and Remote Working Physical Security Security Awareness and Training 3. Technical Security Controls Review available technical evidence, including: Identity and Access Management (Microsoft Entra ID / Azure AD) Single Sign-On (SSO) Multi-Factor Authentication (MFA) Conditional Access Endpoint Security Device Encryption Secure Configuration Asset Inventory Vulnerability Scan Reports Penetration Testing Reports Patch Management Backup Configuration and Restore Testing User Access Reviews Audit Logging and Monitoring 4. Supplier Assurance and Data Protection Review documentation supporting supplier assurance and regulatory compliance, including: Supplier Due Diligence Questionnaires Security Questionnaires Supplier Risk Assessments Data Processing Agreements Privacy Documentation UK GDPR Compliance Documentation Records of Processing Activities (where applicable) 5. Operational Security Review evidence demonstrating that information security controls are operating effectively, including: Security Awareness Training Incident Management Records Risk Reviews Change Management Records Access Review Evidence Vulnerability Remediation Corrective Actions Supplier Review Records Security Governance Activities Assessment Criteria The assessment should be benchmarked against recognised industry standards and good practice, including: ISO/IEC 27001:2022 ISO/IEC 27002 UK GDPR Cyber Essentials NCSC Cyber Assessment Framework (where applicable) Common enterprise supplier security due diligence practices
$400.00
Fixed-price- ExpertExperience Level
- Remote Job
- One-time projectProject Type
Skills and Expertise
Activity on this job
- Proposals:15 to 20
- Last viewed by client:2 days ago
- Interviewing:4
- Invites sent:10
- Unanswered invites:6
About the client
- United KingdomBournemouth10:02 PM
- $31K total spent75 hires, 5 active
- 221 hours
Explore similar jobs on Upwork
How it works
Create your free profileHighlight your skills and experience, show your portfolio, and set your ideal pay rate.
Work the way you wantApply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
Get paid securelyFrom contract to payment, we help you work safely and get paid securely.
About Upwork
- 4.9/5(Average rating of clients by professionals)
- G2 2021#1 freelance platform
- 49,000+Signed contract every week
- $2.3BFreelancers earned on Upwork in 2020
Find the best freelance jobs
Growing your career is as easy as creating a free profile and finding work like this that fits your skills.
Trusted by