ISO 27001 certification

In an age of disruption and transformation, risk continues to be top of mind for many organizations, particularly as they look to use their data and information in new ways to generate insights that support strategic decision making. For organizations looking to stay ahead and turn these risks into opportunities to better manage and protect their valuable data and information assets, ISO 27001 certification is a powerful way to build trust in their information security management system (ISMS).

This international standard uses a risk-based approach to minimizing threats to your information and communication technology assets and offers a framework for other IT requirements you may have in place. When you follow this path to preserving the confidentiality, integrity and availability of your business information, your customers, employees and other stakeholders can have peace of mind that your information security program covers security controls over people, processes and technology and is embedded in your business practices, goals and objectives.

Build trust in your information security management system

Our approach

While it offers many benefits, the journey to certification can be time-consuming, inconsistent and difficult to manage. It doesn’t need to be this hard.

We’ve developed a new approach to certification that lets you extract maximum value from the process. Our digital platform and streamlined methodology provide:

  • one source of truth through a single location for the collection, analysis and presentation of data

  • a plan focused on key objectives and relevant risks

  • real-time transparency, coordination and accountability over the progress and status of corrective actions

  • opportunities for discussions about remediation, continuous improvement and business performance, in the context of your broader business goals

Our team has extensive expertise in both evaluating and implementing information security management systems. Our certification work is conducted according to the ISO 17021-1 and ISO 27006 standards for certification of management systems, a standardized approach used by all accredited certification bodies. Through our broad expertise in technology control frameworks and third-party assurance standards, we can help you integrate your ISO 27001 controls into existing structures to create synergies in control performance and testing.

How we can help

Gap analysis, risk assessment, documentation

Our gap analysis approach will assess your organization’s current information security state against global leading practices and your intended future state. We offer a customized risk assessment service to help you identify and understand the risks most relevant to your business. Detailed outcomes are documented in the form of a risk treatment plan and a statement of applicability that conform to ISO 27001. We can also help with drafting and reviewing new and existing documentation.

Value-added internal audit services

Conducting internal audits to identify non-conformance with your ISMS framework and any non-compliance with legal, regulatory and/or contractual requirements is key to a successful information security plan. We offer a comprehensive, value-added internal audit service that helps highlight any management system issues and gives recommendations for improvement.

Information readiness assessment for formal accredited certification

The readiness assessment helps you understand how your organization would perform against the formal ISO 27001 accredited certification audits. It evaluates how your organization is performing against the standard and verifies your ISMS maturity.

Journey towards ISO 27001 certification

We offer certification and maintenance assessment services aligned with the ISO 17021 management system auditing standard so that your organization can be ISO 27001 certified.

Related services

  • ISO 9001 Quality Management System Standard
  • ISO 14001 Environmental Management System Standard
  • Programme for the Endorsement of Forest Certification™ (PEFC™) Chain of Custody Standard
  • Sustainable Forestry Initiative® (SFI®) Chain of Custody, Forest Management and Fiber Sourcing Standards
  • American Tree Farm System® (ATFS®) Forest Management Standard
  • CAN/CSA Z809 Forest Management Standard
  • Forest Stewardship Council® (FSC®) Chain of Custody and Controlled Wood Standards
  • ISO 14064 Parts 1, 2, and 3 Greenhouse Gas (GHG) Accounting and Verification

Contact us

Steven Raduy

Managing Director, Management System and Certification Services Lead, PwC Canada

Tel: +1 403 606 0245

Jaideep K. Khatau

Managing Director, Information Security Management Systems, PwC Canada

Tel: +1 604 806 7549

Kartik Kannan

BC Region Private Leader and Risk Assurance Partner, PwC Canada

Tel: +1 604 806 7082

Peter Koch

Partner, Risk Assurance Services, National Certification Services Lead, PwC Canada

Tel: +1 416 814 5899
