- Company: South Carolina based manufacturing company with 412 employees.
- Specialty: Design, development, and manufacturing of technology products, primarily, next generation encrypted external/removable media hard drives and industry leading desktop gaming stations.
- Requirement: Needed ISO/IEC 27001 certification for their customers for whom they were ultimately manufacturing their products for.
- What We Provided: Successfully performed a gap assessment, developed all required security and operational policies and procedures, developed a customized continuous monitoring program, along with finding a credible ISO/IEC 27001 certification body with MorganHill’s ISO/IEC 27001 RFP services.
- End Result: Four months after completing all necessary pre-certification work, the organization obtained ISO 27001 certification from an accredited ISO ANAB body that we recommend to them.
Customer Testimonial: “MorganHill made it happen. They executed from day one and took us to the finish line in terms of ISO/IEC 27001. They were truly amazing to work with.”
Navigating the Complexities of FBI CJIS Security Policy: How MorganHill Consulting Group, LLC Can Guide You
In an era where data security is paramount, compliance with the FBI CJIS Security Policy has become a critical necessity for organizations handling criminal justice information (CJI). The FBI Criminal Justice Information Services (CJIS) Security Policy provides stringent guidelines to protect sensitive information and maintain the integrity of criminal justice operations. At MorganHill Consulting Group, LLC, we specialize in navigating these complexities, offering comprehensive consulting and advisory services to ensure your organization achieves and maintains compliance.
ISO/IEC 27002:2022 | 5.9 - Inventory of Information and Other Associated Assets
Per ISO/IEC 27002:20222 | 5.9 - Information Security in Project Management, “The organization should identify its information and other associated assets and determine their importance in terms of information security. Documentation should be maintained in dedicated or existing inventories as appropriate.”
ISO/IEC 27002:2022 | 5.12 - 5.13 - Classification & Labelling of Information
Per ISO/IEC 27002:20222 | 5.12 - Classification of Information, “Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. Additionally, per ISO/IEC 27002:2022 - Labelling of Information, “An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization.”
ISO/IEC 27002:2022 | 5.10 - Acceptable Use of Information | Email Usage Policy
Per ISO/IEC 27002:20222 | 5.10 - Acceptable Use of Information and Other Associated Assets “Personnel and external party users using or having access to the organization’s information and other associated assets should be made aware of the information security requirements for protecting and handling the organization’s information and other associated assets.”
