Stage 1 – Information Security & ISO/IEC 27001 Readiness Assessment

Posted 2 days ago

Worldwide

Summary

Scope of Assessment The successful applicant will conduct an independent desktop assessment of the organisation's Information Security Management System (ISMS), governance framework, security documentation, technical controls and supporting evidence. The assessment will evaluate whether the organisation's information security arrangements are appropriately designed, implemented and supported by sufficient evidence to satisfy the expectations of enterprise customers undertaking supplier security due diligence. The review will include, where available, the following: 1. Information Security Governance Review the organisation's ISMS governance documentation, including: Information Security Policy ISMS Scope Information Security Objectives Risk Assessment Methodology Risk Register Risk Treatment Plan Statement of Applicability (if available) Legal and Regulatory Requirements Internal Audit Programme (if available) Management Review Records (if available) 2. Security Policies and Procedures Review the organisation's documented security policies and procedures for completeness, suitability and alignment with recognised information security good practice, including: Information Security Acceptable Use Access Control Password Management Encryption Asset Management Data Classification Data Retention and Disposal Risk Management Supplier Security Incident Response Business Continuity Disaster Recovery Backup and Recovery Change Management Vulnerability Management Secure Configuration Logging and Monitoring Cloud Security Network Security Mobile Device and Remote Working Physical Security Security Awareness and Training 3. Technical Security Controls Review available technical evidence, including: Identity and Access Management (Microsoft Entra ID / Azure AD) Single Sign-On (SSO) Multi-Factor Authentication (MFA) Conditional Access Endpoint Security Device Encryption Secure Configuration Asset Inventory Vulnerability Scan Reports Penetration Testing Reports Patch Management Backup Configuration and Restore Testing User Access Reviews Audit Logging and Monitoring 4. Supplier Assurance and Data Protection Review documentation supporting supplier assurance and regulatory compliance, including: Supplier Due Diligence Questionnaires Security Questionnaires Supplier Risk Assessments Data Processing Agreements Privacy Documentation UK GDPR Compliance Documentation Records of Processing Activities (where applicable) 5. Operational Security Review evidence demonstrating that information security controls are operating effectively, including: Security Awareness Training Incident Management Records Risk Reviews Change Management Records Access Review Evidence Vulnerability Remediation Corrective Actions Supplier Review Records Security Governance Activities Assessment Criteria The assessment should be benchmarked against recognised industry standards and good practice, including: ISO/IEC 27001:2022 ISO/IEC 27002 UK GDPR Cyber Essentials NCSC Cyber Assessment Framework (where applicable) Common enterprise supplier security due diligence practices

  • $400.00

    Fixed-price
  • Expert
    Experience Level
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
Information Security Consultation
Activity on this job
  • Proposals:15 to 20
  • Last viewed by client:2 days ago
  • Interviewing:
    4
  • Invites sent:
    10
  • Unanswered invites:
    6
About the client
Member since Nov 18, 2013
  • United Kingdom
    Bournemouth10:02 PM
  • $31K total spent
    75 hires, 5 active
  • 221 hours

Explore similar jobs on Upwork

Security and Compliance SpecialistFixed-price‐ Posted 2 weeks ago
Network Security
Information Security
Penetration Testing
Security Analysis
B2B Sales Partner for CybersecurityHourly‐ Posted 2 weeks ago
B2B Marketing
Sales
Outbound Sales
Telemarketing

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo