"Without a standard there is no logical basis for making a decision or taking action."
Joseph M. Juran
ISO/IEC 27001 is "the best-known standard in the family providing requirements for an information security management system (ISMS)". The standard helps ensure adequate control over the confidentiality, integrity and availability of stakeholder information. The function of the standard is to provide consistent certification of an ISMS.
An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector to keep information assets secure.
The implementation of an ISO/IEC 27001 compliant ISMS involves a number of steps and should be treated as an on-going project rather than a one-time compliance effort.
By appointing us to be your ISO/IEC 27001 implementer, you will gain access to professional consulting services that will help and enable you to:
- Scope the ISMS, so that all and only relevant information assets are protected.
- Perform a preliminary assessment.
- Identify the resources needed to address the issues found by the preliminary assessment.
- Make sure your business is properly served by the ISMS.
- Develop and update the information security policy of your organization.
- Conduct a risk assessment in order to identify, estimate and evaluate risks.
- Select the relevant controls in order to mitigate identified risks.
- Create all documents to support every component of your ISMS.
- Prepare and implement your staff training and awareness program.
- Perform testing on a regular basis to validate implemented controls' effectiveness.
- Conduct management reviews of the performance of the ISMS annually.
- Select a properly accredited certification body for your formal ISO/IEC 27001 certification.
- Achieve the certification.
- Manage and maintain the quality of your ISMS according to the ISO 27001 requirements.
Our employees are certified ISO/IEC 27001 Lead Implementers, accredited by IBITGQ.
We help organizations create their ISMS and maintain it in accordance with the standard's requirements through our:
- hassle-free approach.
- exhaustive documentation kit with integration with your document management system.
All of the above enable us to provide you with the best industry pricing.
Additional services to help you build and maintain your ISMS in accordance with the standard's requirements:
Risk Management - we can build your risk management system in accordance with the standard (Clause 6.1).
Internal Audit Outsourcing - save time, staff and money when you need to perform internal audits (Clause 9.2).
Security Awareness Training - we can help you with your staff training program (Clause 7.2.2).