ISO 27001

Biotech Case Study

Company: California based healthcare company with 128 employees.
Specialty: Specialized product use for assessing tumor growth with minimally invasive techniques.
Requirement: Needed ISO/IEC 27001 certification for one of North America’s largest healthcare providers who wanted to introduce the product to medical practitioners for mitigating acute healthcare costs.
What We Provided: Successfully performed a gap assessment, developed all required security and operational policies and procedures, developed a customized continuous monitoring program, along with finding a credible ISO 27001 certification body with MorganHill’s ISO 27001 RFP services.
End Result: Five months after completing all necessary pre-certification work, the organization obtained ISO/IEC 27001 certification from an accredited ISO ANAB body that we recommend to them.

Customer Testimonial: “MorganHill delivered the project on time, within budget, and put us in touch with a certification body that was a great fit for our company.”

Related Case Studies

Health Technology Case Study

Cybersecurity Case Study

Manufacturing Case Study

Healthcare Case Study

Talk to MorganHill today and Get the Answers You Need

Scope: We'll help you define important scoping parameters.

Documentation: We'll help you develop all required policies and procedures.

Guidance: We'll guide you through the ISO/IEC process from start to finish.

One Price: Our fees for all services are fixed.

Wherever you are in North America, Europe, Africa, or Asia, MorganHill is ready to assist.

Expertise: Since 2006, we have been an industry leader for ISO/IEC.

Knowledge: We've worked with every ISO/IEC standard currently in print.

Industry: We've worked in every major industry/sector.

Per ISO/IEC 27002:20222 | 5.9 - Information Security in Project Management, “The organization should identify its information and other associated assets and determine their importance in terms of information security. Documentation should be maintained in dedicated or existing inventories as appropriate.”

ISO/IEC 27002:2022 | 5.12 - 5.13 - Classification & Labelling of Information

Per ISO/IEC 27002:20222 | 5.12 - Classification of Information, “Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. Additionally, per ISO/IEC 27002:2022 - Labelling of Information, “An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization.”

ISO/IEC 27002:2022 | 5.10 - Acceptable Use of Information | Email Usage Policy

Per ISO/IEC 27002:20222 | 5.10 - Acceptable Use of Information and Other Associated Assets “Personnel and external party users using or having access to the organization’s information and other associated assets should be made aware of the information security requirements for protecting and handling the organization’s information and other associated assets.”

ISO/IEC 27002:2022 | 5.11 - Return of Assets Policy

Per ISO/IEC 27002:20222 | 5.11 - Return of Assets, “Personnel and other interested parties as appropriate should return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement.”

Expertise

Who We Are

ANAB Notice

Industries Served

Phase I

Phase II

Phase III

Phase IV

Phase V

Phase VI