ISO 27035 – Info. Security Incident Mgmt. Assessment
Company Certification Int. offers professional conformity assessment services for organizations aiming to align with ISO/IEC 27035, the globally recognized guideline for managing information security incidents. While ISO/IEC 27035 is not certifiable, our structured assessment ensures your organization adopts best practices to effectively detect, respond to, and recover from security incidents.
What Is ISO/IEC 27035?
ISO/IEC 27035 is an international guideline designed to help organizations establish and maintain an effective Information Security Incident Management (ISIM) process. It includes guidance for:
Preparing for incident handling
Detecting and reporting incidents
Assessing and responding to incidents
Learning from incidents to improve the system
The current version (ISO/IEC 27035-1:2023) outlines principles and processes that align well with ISO/IEC 27001 and modern cybersecurity needs.
What We Offer
Company Certification Int. provides comprehensive conformity assessments that include:
Independent review of your incident management policies and procedures
Gap analysis based on ISO/IEC 27035 principles
Evaluation of detection, response, and communication mechanisms
Expert recommendations for closing identified gaps
Issuance of a Conformity Assessment Certificate (non-accredited)
Key Benefits
Improves cyber incident readiness and response
Supports ISO/IEC 27001 implementation and audits
Demonstrates commitment to global security standards
Builds trust with clients, regulators, and stakeholders
Identifies vulnerabilities and process improvement areas
Who Should Consider This Assessment?
IT service providers and MSPs/MSSPs
Financial institutions and fintech companies
Healthcare, insurance, and government bodies
Organizations managing personal, confidential, or regulated data
Any business pursuing ISO/IEC 27001 certification or needing robust incident handling
Our Delivery Method
Fully remote or hybrid assessment options
Fast turnaround and flexible scheduling
Secure digital reporting and documentation
What You’ll Receive
Gap Analysis Report
Recommendations aligned with ISO/IEC 27035
Optional improvement roadmap
Certificate of Conformity (3rd-party verified)
Frequently Asked Questions (FAQ)
Q1: Is ISO/IEC 27035 certifiable like ISO 27001?
A1: No, ISO/IEC 27035 is a guideline. It does not have certifiable requirements, but organizations can undergo a conformity assessment to show alignment.
Q2: What’s the benefit of a conformity assessment?
A2: It validates that your organization follows international best practices in security incident management and provides credibility in front of clients and partners.
Q3: Do I need ISO 27001 before doing this?
A3: No, but ISO/IEC 27035 complements ISO 27001 by covering incident management. It can be done as a standalone assessment or in support of ISO 27001 efforts.
Q4: Will you help improve our incident response process?
A4: Yes, we provide recommendations and, if needed, consulting services to enhance your processes based on the assessment findings.
Get Started
Let our team at Company Certification Int. help you assess, improve, and align your information security incident management process with ISO/IEC 27035.