The ACP is an impartial evaluation. BSI follows ISO 27006 accreditation rules very closely. The registration process is in no way linked to these activities. It is important to note that recognition is not an endorsement of any single associate consultant and does not indicate that using an ACP-listed organization would make the certification audit any easier for the client; rather, it is intended to help clean up the consulting industry by providing a list of consultants who BSI believes are credible and offer an acceptable service in terms of value and performance.
BEW Global
BEW Global provides organizations a process based approach to risk management focusing in the areas of information security, regulatory compliance and business continuity. Our team designs and implements innovative solutions that optimize operations while delivering seamless security and risk reduction.
Our ISO/IEC 27001 practice area specializes in helping organizations plan, build and maintain comprehensive Information Security Management Systems (ISMS) based upon the ISO/IEC 27001 standard. The ISMS serves as an overlay for multiple data protection regulations such as Sarbanes-Oxley, PCI, HIPAA, GLBA, EU Data Protection Directive and many other security compliance initiatives your organization may encounter. With offices in North America, Europe and Asia, our team is positioned to assist our clients and address projects on a global scope. To learn more about BEW Global, please visit our website or call +1 720 227 0990.
Churchill & Harriman
Churchill & Harriman (C&H) was founded in 1986, and was the very first approved ISO/IEC 27001 Associate Consultancy by BSI. C&H provides Enterprise Risk Mitigation Solutions for enterprise security, privacy, and compliance. Headquartered in Princeton, NJ, C&H has subject matter experts with knowledge and experience in risk mitigation, privacy, compliance, disaster recovery & business continuity, corporate risk governance & industry regulations. The very first ISO/IEC 27001:2005 certificate awarded in the U.S. was to a C&H client, for whom we performed pre-certification consulting. C&H has a 100% success rate in having clients certified to ISO/IEC 27001:2005 to date. We have provided risk mitigation services to the largest bank in the United States, an institution which settles over $1.5 quadrillion of securities every year, and industry governing bodies.
With several certified ISO Lead Assessors, C&H is uniquely qualified to offer Risk Mitigation and Information Security Management Systems (ISMS) advisory services, training, and meticulous ISO/IEC 27001 pre-certification consulting and risk assessments. These services address requirements related to FFIEC, OCC, CISP/PCI, Shared Assessments Program, GLBA, FDA, HIPAA, and SOX, amongst others. C&H has conducted over 600 risk assessments all over the globe based on our C-Fire℠ Ring of Assurance methodology. Please visit our website or call us at +1 609-921-3551 to find out how we can help you with your risk mitigation requirements.
Computer Task Group (CTG)
Computer Task Group (CTG) – With the increasing complexity and costly demands of multiple governance, regulatory, and compliance requirements and audits such as Sarbanes-Oxley, PCI-DSS, HIPAA, and GLBA, CTG’s ISO/IEC 27001 services help organizations consolidate and satisfy their requirements through the adoption of a single, tailored framework. CTG’s ISO/IEC 27001 services, including assessments, implementation planning and support, training, and 2nd party audits, are executed by a team of ISO/IEC 27001 certified individuals with hands-on ISMS experience including IRCA certified ISO/IEC 27001 auditors.
CTG has a proven track record in establishing long-term, trusted relationships with organizations seeking value from their risk management and security programs. From the alignment of an enterprise security program to the ISO/IEC 27001 security standard to the pursuit of the ISO/IEC 27001 certification, the CTG Security team can help you meet your goals.
For over 42 years, CTG (NASD: CTGX) has delivered information technology solutions, services, and staffing to a long list of satisfied customers ranging from small and midsized companies to global Fortune 500 corporations. Our international network of ISO 9001:2000-certified offices, proven management methodologies, and hands-on expertise help our clients better leverage their information technology to achieve their business goals and gain a competitive advantage in the marketplace.
To learn more about how CTG can help you, please visit www.ctg.com/infosecurity or contact Mr. Michael Beekey directly at +1 301.869.6571.
Consult2Comply
Consult2Comply has adopted a standards approach to information and business protection. This ensures the controls and standards are able to be measured and the correct security/compliance posture can be maintained. The Consult2Comply team are experts in standards and guidelines. Consult2Comply's approach is to help organizations align their business processes to ensure compliance to internationally recognized standards and best practices. We also assist our clients to map and implement these infrastructures to their specific regulations required by law to ensure compliance. Being accredited auditors, implementers and trainers we are able to fully understand business requirements and assist where necessary.
Download the Consult2Comply whitepaper 'the case for addressing Governance, Risk and Compliance (GRC) from a Business Perspective' (PDF, 135KB)
eFortresses
eFortresses, Inc. is a risk management solutions company providing best of breed training, consulting and software for integrating multiple information security, privacy and regulatory compliance requirements. eFortresses provides an automated solution based on mapping of ISO 27002/27001, HIPAA, Sarbanes-Oxley Act, Visa CISP/PCI, FACT Act, GLB Act, California SB-1386, NIST 800-53 (FIPS 200) etc. Our mission is to provide clients with the knowledge and expertise to make informed decisions regarding exposure to regulatory non-compliance and potential theft or compromise of information assets.
eFortresses is the author of the Holistic Information Security Practitioner (HISP) training and certification program that teaches the integration and mapping of ISO 27002/27001 with COBIT, COSO, ITIL and Multiple Regulatory Compliance requirements.
For more information, please visit our website or call 404-238-0588.
Idea Integration
Idea Integration is a business unit of MPS Group (NYSE: MPS) and provides ISO 27001 pre-registration and strategic security consulting to Fortune 1000 companies and United States Government agencies. Idea's security professionals are industry experts in the Information Security arena and provide customers across all verticals with solutions around Security Governance, Risk Analysis, and Disaster Recovery. For more information about Idea's Security Solutions, please visit our website.
Network Computing Architects, Inc
Network Computing Architects, Inc. is a top-tier provider of products, services and training to ensure clients that their Information has the appropriate level of security in place to provide reasonable assurance that their assets are protected. NCA provides professional services and expertise across the country for all phases of the Information Security life cycle. Its certified engineers are experts in providing consistent, high-quality services allowing maximum secure control and utilization of information elements. Based in Bellevue, Washington, NCA employs 65 people in 5 offices throughout California, Nevada, Oregon and Washington. NCA was named by Puget Sound Business Journal as one of the “100 Fastest Growing Companies” in the region and was recently named one of the “Best Companies” to work for by Washington CEO magazine.
NCA obtained ISO/IEC 27001:2005 certification (# 506700) in December of 2007 and is the first Associate Consultant for BSI in North America to complete this certification. NCA can help you build a security program based on international standards that is designed to provide reasonable assurance that your information assets are being protected. Our unique implementation methodology, designed to understand our client’s core business processes, technology and people, is a key differentiator. We spend time getting to know your culture, as every information security management system is different.
For additional information regarding our capabilities, send an email to ISO27001_Services@ncanet.com or visit the NCA Website at: www.ncanet.com.
Orange Parachute
Orange Parachute, a division of HotSkills, Inc., is a leader in the design and implementation of certifiable management systems to international standards.
Orange Parachute specializes in ISO 27001 certification consulting and information security program evaluation, design, implementation, and training. Our consultants have led multiple successful certifications spanning the entire globe.
Orange Parachute consultants are true experts in their practice areas, empowering clients with an innovative approach to information security management, audit, compliance, and technical and operational security.
Whether you need to become compliant to numerous regulatory requirements, improve your information security program or accelerate its maturity, Orange Parachute is the right call. Orange Parachute's unique and proven information security and compliance management tools, frameworks, and methodology for implementation makes us a logical choice for your certification efforts.
For more information, please visit our website or call 800-841-9329 (ext. 1).
SAIC
Science Applications International Corporation (SAIC) is a Fortune 300 company that delivers security solutions to government agencies and commercial companies around the globe. Expert in all Information Security disciplines, SAIC offers their customers over 30 years of experience delivering risk management services and products that aid customers in protecting their critical infrastructure and in preparing for regulatory and legal audits. Our Risk Management Framework provides customers with processes to establish an Information Security Management System (ISMS) in preparation for an ISO 27001 certification.
Examples of Risk Management Services include: Penetration Testing/Vulnerability Assessments, Policy and Standards review, Security Architecture Design, Forensics, Common Criteria Assessment, Physical and Personnel Security, Access Control and Identity Management, and Security Training. Our System Administrator Security Training and Cyber Defense Team Trainer are certified to meet the requirements of CNSSI-4013 (Advanced Level), which is the National Information Assurance Training Standard For System Administrators (SA). SAIC is one of only two commercial organizations certified at this level.
For more information on SAIC security services, please visit our website.
Security GRC²
Security GRC² develops management systems that enhance our client’s organizational Security, Governance, Risk Management, Compliance, and Continuity efforts. Security GRC² uses international standards in the development of certified management systems that are built by certified professionals.
Our proven methodologies use a business process and risk management based approach to solving your Security and GRC² needs – creating programs that are effective and efficient based on the unique context of your organizational environment.
Security GRC² provides assessment and implementation services using certified professionals building Certified programs for:
- ISO/IEC 27001 Information Security Management System
- SAFETY Act 2002 Risk Management and Litigation Management systems
For more information on Security GRC² products and services, please visit our website www.securitygrc2.com or call (610)-768-7726 or (917)-546-0749.
SQM-Advisors
SQM-Advisors provides pre-certification consulting services focused on making sure organizations receive the full benefits of compliance with best practices while preparing for a smooth ISO/IEC 27001:2005 certification. SQM-Advisors is one of the few USA based consulting firms with specialists experienced in leading organizations to ISO 27001 certification. Our consultants have led original ISO 27001 implementations, performed Trial Audits, conducted Gap Analysis, created Security Improvement Plans and led conversion projects from BS7799 to 27001. For more information please visit our website or call 912-227-1323.
VeriSign® Global Security Consulting
Although many vendors offer consulting services to companies seeking compliance and auditing solutions, few providers can match the expertise, intelligence gathering capabilities, and commitment to recognized standards that VeriSign® brings to the table, and few providers are capable of taking on the role of a vendor-neutral trusted advisor. VeriSign® Global Security Consulting leverages exceptional regulatory knowledge, training, and experience; best-of-breed solutions; and a global network of proven technology. VeriSign has a history of stability and trust, and can deliver compliance and auditing solutions that are not only effective, but also make the best use of existing in-house personnel, technology, and processes.
Our consultants average nearly ten years of experience. Some of them have more than twenty years and have worked in a variety of environments from corporate IT and security to technology, development, and professional services in all of the industries we support. Almost all of our consultants have at least one certification and over 90 percent are Certified Information Systems Security Professionals (CISSPs). For more information about VeriSign Global Security Consulting, please visit our website.
Verizon Business
Verizon Business gives you the intelligence-driven capacity to assess risk, manage threats, help address security compliance requirements, and reduce complexity—all in the context of your world. Verizon Business takes a business-driven approach to information security - looking to ascertain your organization's individual risk profile prior to making recommendations on security controls. This sets the stage for the adoption of an information security management program based on ISO 27001 that is congruent to the mission of your organization.
Verizon Business has extensive experience in developing, implementing and managing a wide variety of security programs to meet your business needs and can help you align your information security with the security components of most regulations and directives including Basel II, BS 7799/ISO 27001, HIPAA, PCI DSS, SAFE, GLBA, FISMA and ACSI 33.
Verizon’s Professional Security Services delivered over a hundred compliance and policy related engagements in 2007 alone and Verizon’s Security Management Program has helped enterprises assess and analyze their security practices for over 10 years. For more information on the breadth of Verizon Business’s offerings in the compliance and governance space, please go here.
Waters Edge Consulting
Waters Edge Consulting enables competitive leadership for businesses by focusing on the rules by which information is created and managed in the 21st century. Companies consult with Waters Edge to obtain and implement strategic, systems-based approaches to improving the trustworthiness of their information assets, often within specific, targeted operations.
Waters Edge Advisory and Research Services include Records Management, Assessment and Design, E-Discovery Model Library, IT Systems Regulatory Compliance, Training Programs, Seminars and Workshops and Strategy for ISO/IEC 27001:2005. Visit our website for more information.
Wolcott Group
Wolcott Group is an information technology consulting and integration company headquartered in Fairlawn, Ohio covering the Great Lakes region that helps organizations secure information, optimize IT infrastructure, and achieve IT governance through the implementation of security, service and delivery and audit frameworks. We advise our clients on IT strategy, governance, and compliance issues.
Our goal is to use the ISO 27001 framework to deliver cost-effective systems and processes that reduce the costs of our client's IT security, compliance, and governance efforts. Wolcott Group is a recognized leader in identity and security management implementations for large national and international clients. Wolcott Group is very experienced in implementing solutions for managing users, access rights, and privacy preferences to meet regulatory compliance guidelines. We also provide compliance consulting and implement compliance management and vulnerability management solutions. When it comes to solutions for managing security, compliance, and risk, Wolcott's consultants, tools and partners deliver the highest value to solving client technology and business challenges. For more information, please visit our website or call 1-866-WOLCOTT.