Information Technology Standards

ISO 27001 IT Security Management
For more information on ISO 27001:2013, click here.

ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices, including the selection, implementation and management of controls, taking into consideration the organization’s information security risk environment(s).

It is designed to be used by organizations that intend to:

  1. Select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;
  2. Implement commonly accepted information security controls;
  3. Develop their own information security management guidelines.

Benefits of ISO 27001 Certification

  • Improved client trust and new client opportunities: cybersecurity risks are too great for many businesses to trust an uncertified company with their sensitive information.
  • Developing new and improved processes and strategies: by better identifying their company’s areas of risk through the ISO 27001 certification process, management may be able to develop new processes or improve existing ones for increased continuity and efficiency.
  • Comply with responsibilities (commercial, contractual, and legal): avoid breaches of various obligations related to information security and the associated requirements.

ISO 27001 is the only international auditable standard for Information Security Management Systems. It provides independent assurance that your organization complies with legal, statutory, regulatory, and contractual requirements bearing on sensitive information. Obtaining an ISO 27001 certification proves that you have taken steps to protect sensitive information against unauthorized access.

Who needs ISO 27001?

Any organization that holds sensitive information is a candidate for ISO 27001 certification. In particular, companies in the healthcare, finance, public, and IT sectors can benefit greatly from a certified ISMS.

CMMC – Cybersecurity Maturity Model Certification
Coming Soon!

What is CMMC?

CMMC is the U.S. Department of Defense’s new Cybersecurity Maturity Model Certification. It is a requirement that all contractors and suppliers, primes and subs, establish protocols to protect Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and other data, networks, and systems of the Defense Industrial Base (DIB) sector. Previously, companies could self-certify compliance with the appropriate Defense Federal Acquisition Regulations (DFARs). Now companies must pass an audit conducted by a certified third-party assessment organization (C3PAO).

Soon all RFIs from the Department of Defense (DoD) will mandate the acquisition of a Cybersecurity Maturity Model Certification (CMMC) for all primes and contractors working with the DoD. CMMC establishes cybersecurity as a foundation for future DoD acquisitions.

From custodial to manufacturing and engineering, anyone working directly or indirectly with the DoD will have to obtain a level of CMMC from LV1 to LV5.

For 25 years, Orion has consistently met the needs of our auditing clients, and we are ready to tackle the challenge CMMC presents. Orion has been actively pursuing the certification process as a C3PAO (Certified Third Party Assessment Organization) and is developing partnerships with key cybersecurity university programs. We intend to be your trusted resource for CMMC certification.

Watch for more information coming soon!


ISO 20000 IT Service Management
For more information on the Information Technology Service Management Standard ISO 20000, click here.

Preparedness: Business Continuity Standards
ISO 22301
For more information on the Standard go to:




Excellent Pricing and Service