ISO 27001 Implementation

What is Information Security Management System (ISMS)?

Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.

An “Information Security Management System” is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security. An ISMS always follows the Plan-Do-Check-Act (PDCA) methodology.

Features of ISMS

  • Adopted PDCA (PLAN – DO – CHECK – ACT) Model
  • Adopted a Process Approach
  • Identify – Manage Activities – Function Effectively
  • Stress On Continual Process Improvements
  • Scope covers Information Security, not only IT Security
  • Focused on People, Process, and Technology
  • Resistance to intentional acts designed to cause harm
  • Combination of Management, Operational, and Technical Controls

Benefits of ISMS Certification

  • Independent framework taking account of all legal and regulatory requirements.
  • Ability to demonstrate and independently assure internal controls (corporate governance).
  • Proves senior management commitment to business and customer information security.
  • Provides a significant competitive edge to the company.
  • Verifies that risks to the company are properly identified and managed.

Methodology and Approach

ISO Scoping

Define the clear boundaries of your ISMS.

Asset & Risk Assessment

Identify assets and implement Risk Treatment Plans.

System Evaluation

Evaluate technical and non-technical environments.

SOA Documentation

Documentation of the Statement of Applicability (SOA).

Awareness & Training

Information Security Awareness & Training for personnel.
