Skip to main content
Hardware Case Study
  • Company: Arizona based hardware assembly company with 645 employees.

  • Specialty: Builds and white labels a wide-range of computer parts for the broader general public.

  • Requirement: Large retailer (Best Buy) required ISO 2701 certification before the company was allowed to integrate into Best Buy’s internal systems for purposes of billing and logistics activities. Additionally, the organization was required to add ISO/IEC 27701 as an extension within their ISO/IEC 27001 certification. This required establishing a Privacy Information Management System (PIMS).

  • What We Provided: Successfully performed a gap assessment, developed all required security and operational policies and procedures, developed a customized continuous monitoring program.

  • End Result: Obtained ISO 27001 certification from an accredited ISO body that we recommend to them.

Customer Testimonial: “Great company with excellent consultants who knew the ISO/IEC 27001 process inside and out.”

Talk to MorganHill today and Get the Answers You Need

Scope: We'll help you define important scoping parameters.

Documentation: We'll help you develop all required policies and procedures.

Guidance: We'll guide you through the ISO/IEC process from start to finish.

One Price: Our fees for all services are fixed.

Wherever you are in North America, Europe, Africa, or Asia, MorganHill is ready to assist.

Expertise: Since 2006, we have been an industry leader for ISO/IEC.

Knowledge: We've worked with every ISO/IEC standard currently in print.

Industry: We've worked in every major industry/sector.

Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input

In an era where data security is paramount, compliance with the FBI CJIS Security Policy has become a critical necessity for organizations handling criminal justice information (CJI). The FBI Criminal Justice Information Services (CJIS) Security Policy provides stringent guidelines to protect sensitive information and maintain the integrity of criminal justice operations. At MorganHill Consulting Group, LLC, we specialize in navigating these complexities, offering comprehensive consulting and advisory services to ensure your organization achieves and maintains compliance.

Per ISO/IEC 27002:20222 | 5.9 - Information Security in Project Management, “The organization should identify its information and other associated assets and determine their importance in terms of information security. Documentation should be maintained in dedicated or  existing inventories as appropriate.”

Per ISO/IEC 27002:20222 | 5.12 - Classification of Information, “Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. Additionally, per ISO/IEC 27002:2022 - Labelling of Information, “An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization.”

Per ISO/IEC 27002:20222 | 5.10 - Acceptable Use of Information and Other Associated Assets “Personnel and external party users using or having access to the organization’s information and other associated assets should be made aware of the information security requirements for protecting and handling the organization’s information and other associated assets.”