ISO 27001 IMPLEMENTATION
What is an Information Security Management System (ISMS)?
Information is an ASSET which, like other important business assets, has VALUE to an organisation and consequently needs to be SUITABLY protected.
An Information Security Management System is that part of the overall management system, based on a business risk approach, that establishes, implements, operates, monitors, reviews, maintains and improves information security. It is structured around the Plan-Do-Check-Act (PDCA) cycle: plan the controls from a risk assessment, implement and operate them, measure and audit their effectiveness, then correct and improve.
Features of an ISMS
- Adopts the PDCA (Plan - Do - Check - Act) model
- Adopts a process approach: the organisation identifies and manages its activities so that they function effectively
- Stresses continual process improvement
- Scope covers information security as a whole, not only IT security
- Focuses on people, process and technology
- Builds resistance to intentional acts designed to cause harm or damage to the organisation
- Combines management controls, operational controls and technical controls
- Forms part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security
Benefits of ISMS Certification
- Provides an independent framework for identifying and addressing applicable legal and regulatory requirements
- Gives the ability to demonstrate and independently assure a company's internal controls (corporate governance)
- Demonstrates senior management commitment to the security of business information and customer information
- Helps provide a competitive edge to the company
- Formalises, and independently verifies, information security processes, procedures and documentation
- Independently verifies that risks to the company are properly identified and managed
- Helps to identify and meet contractual and regulatory requirements
- Demonstrates to customers that the security of their information is taken seriously
Methodology and Approach for Certification
- Assist in defining the ISO 27001 scope
- Assist in updating the Information Security Management System (ISMS)
- Assist in asset identification, risk assessment and the risk treatment plan
- Evaluate system security
- Evaluate the technical and non-technical environment
- Assist in documenting the Statement of Applicability (SoA) as required by ISO 27001:2013
- Information security awareness and training
- ISO 27001:2013 certification support