not familiar with ISO/IEC 27001, but I guess it fits here. Anyway, security measures are a key factor in investing business
The security process include host assessment (on servers), network equipment and security devices for Phase 1.
For Phase 2 it's Penetration Test and Web Assessment Test from within Datacenter, WAN and the internet.
Once assessment is out, a report will be given and hardening to be done.
Upon completion of security hardening there will be a Post-Assessment to close all security issues.