Description: In this second episode in a series, we continue our discussion about the ISO process. In the first episode, we explored how to understand and pitch ISO 27001's value to firm management. In this session, we take a deeper dive into the actual process of applying for and achieving ISO 27001 certification. Topics include:
- What does the road map look like?
- What is the scope?
- Which offices are included in the scope?
- What resources do you need to assign?
- How long does it take?
- How to begin?
Mark Combs, the CIO at Steptoe & Johnson, has expertise in information security, technology, strategy, people and project management. He has provided leadership for all areas of IT including networking, telecommunications, PC and application support, project management and data center operations. With 18 years of healthcare IT experience, Mark has previously served in a number of management and security roles. He is a Certified Professional in Health Information and Management Systems and a Certified HIPAA Security Specialist.
John Verry, Pivot Point Security's Managing Partner, is an ISO 27001 Certified Lead Auditor. He established and directs Pivot Point Security's ISO 27001 practice area, focusing on the legal vertical. John helps law firms, e-discovery firms and service providers to law firms discover how ISO 27001 can reduce the security, compliance and attestation challenges that law firms are wrestling with, and gain ISO certification in a proven, efficient and fiscally sound process.