ISO/IEC 27001 Assessments

International Standard for Information Security

ISO 27001

The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organizations, and which promotes worldwide proprietary, industrial and commercial standards. ISO/IEC 27001:2013 (“ISO 27001”) is the standard that describes best practices and security controls for an information management system. Accredited certification to ISO 27001 demonstrates that an organization is following information security best practices, against an internationally-recognized standard.

About The Standard

For organizations that are not otherwise obliged to follow an industry-specific accreditation standard, ISO 27001 provides an excellent framework for ensuring a secure information processing baseline. And while accreditation against ISO 27001 is not obligatory, a rigorous application of the standard can help small, medium and large businesses in any sector keep information assets secure. The standard addresses a number of aspects of organizational security, including:

  • Organizational context
  • Leadership, including policy and roles
  • Planning, including risk assessment
  • Security resources, including skills and documentation
  • Operations management
  • Performance assessment, including audit and review
  • Continuous process improvement

Achieving Accreditation

Ultimately, compliance with ISO 27001 requires assessing information systems against 114 specific controls in 18 different control families. The resulting security documentation becomes a living set of artifacts that must be continuously updated as systems are modified or upgraded. The process of working through these controls in a reproducible and documented fashion requires an experienced security assessor. Aerstone can help your organization prepare for an ISO 27001 audit, and help ensure the achievement of an accreditation that signals a strong commitment to security to your employees, customers, and partner organizations.

Services By Type




Services By Environment



Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.
We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with
security professionals across the military, intelligence community, civilian government, and private industry.

Contact our sales team at for more information.