ISMS Benchmark Service

 

Purpose

  1. Measure security process and security control maturity against the leading international security standard, ISO-27001:2013

  2. Measure & demonstrate continuous process improvement over time


Benefits

  1. Identify policies, processes, and controls that need attention

  2. Historical trend analysis

  3. Industry & demographic comparisons


Resources/Deliverable(s):

  1. Onsite interactive workshops

  2. Detailed analysis and comparison reports


Optional Value Add-Ons:

  1. Security Event Management & Incident Response ISO-27035:2011

  2. NIST Cybersecurity Framework (CSF)

  3. Center for Information Security (CIS) Top 20 Critical Security Controls

  4. Payment Card Industry – Data Security Standard (PCI-DSS v3.1)


Fact: Since April, 1996, CompuCom’s legacy has been performing the ISMS Benchmark service for organizations of just about every size and vertical market across the globe, long before other providers.


CompuCom helps our Client assess its security requirements for confidentiality, integrity, availability, privacy, and risk tolerance; we provide recommendations and roadmaps to implement security controls that should adequately meet the Client's identified security requirements.


This service provides a high-level benchmark assessment to measure the maturity of the Client’s Information Security Management System (ISMS) processes, control objectives, and controls.


This particular service seeks to measure the maturity of the client's ISMS controls across seven different measurement points:

  1. Vision & Steering

  2. People

  3. Process

  4. Technology

  5. Culture

  6. Percentage of Control Implementation

  7. Quality & Effectiveness of the Security Control


The results of this service allow CompuCom and our client to identify where additional resources and help need to be applied. In addition, we are able to measure the maturity and improvement of security controls over time, providing comparisons against other organizations by vertical industry, size, and geographic region. Clients are encouraged to have this service performed at least annually over a multi-year period. Some of our clients have done this for more than a decade.


The benchmark data obtained can be used for strategic planning, to demonstrate continuous process improvement through repeated assessments over time, and to demonstrate a return on the Client’s investments in information security.

CompuCom will utilize its knowledge capital, certified industry subject matter experts, experienced resources, and where possible, templates to help improve the ISMS process maturity and integration with other IT process areas.


Strategic Value to Your Management Team:

  1. Vital context for measuring security control objectives

  2. In-depth analysis of its existing security controls

  3. Identifies, measures and monitors trends

  4. Creates internal momentum using year-over-year progress reports, validated by a credible third party

  5. Proves that existing projects are delivering the intended results

  6. Demonstrates continuous process improvement and identifies areas that need attention

  7. Qualitative measurements help to remove roadblocks to progress

  8. Measures security control objectives against ISO 27001:2013 and 27002:2013 standards

  9. Ensures that information security is focused on the right issues

  10. Ensures solid strategies and initiatives to keep everything working

  11. Enhances communication around information security from top to bottom

  12. Continually have a clear understanding of current and ongoing security posture

  13. Compare results with peers in your industry to rapidly identify gaps in existing security practices and integrate that knowledge into an information security roadmap

  14. Validate existing program needs and past successes for optimum decision making

  15. Have the detailed information easily at hand to back up security promises to customers

  16. Easily indicate to customers that all of the bases are covered



Andrew R. Reese

