Introduction to ISO 27001 Standard
Demonstrate your commitment to information security
Information is a major asset. In business it supports a multitude of processes, from deals to mergers, projects to employee details. A range of information that is usually meant for company use only can easily be brought into public knowledge. Any disruption in the quality, quantity, distribution or relevance of your information systems can put your business at risk of attack from external sources.
That’s why you need to actively manage the security of your information systems and business-critical information, not just to reassure your employees and stakeholders, but also any customers and partners with whom you share that information.
Make your information safe and keep it that way
The ISO 27001:2005 Information Security Management Systems (ISMS) certification enables you to demonstrate your commitment to information security and customer satisfaction, as well as to continuously improve your corporate image. The standard is currently based on two different elements:
- ISO 27001:2005: Standard against which ISMS can be certified.
- ISO 27002:2005 (formerly ISO 17799-2): Guidance on implementing ISMS.
The first step is to define the scope of the ISMS policy. This is critical in order to identify the potential dangers you face and to decide on a systematic approach to assessing these risks.
A successful ISMS is based on the Plan-Do-Check-Act methodology
The ISO 27001:2005 standard effectively covers twelve sections:
- security policy
- organization of information security
- asset management
- human resources security
- physical and environmental security
- communications and operations
- access control
- information systems acquisition, development and maintenance
- information security incident management
- business continuity management
To start with, an assessment is made of how your ISMS has been implemented, to identify the gap between it and the standard’s requirements. After the gaps have been filled, the initial audit follows. From the audit, you will receive a report that outlines the key measures needed to obtain certification. Once no major corrective action is required, you’ll obtain certification directly. Annual compliance audits will follow, and the certificate will be renewed every three years as long as the systems are maintained.
The benefits of ISO 27001:2005
The reputation of ISO and certification against the internationally recognized ISO 27001:2005 standard enhance any company’s credibility. It clearly demonstrates the validity of your information and a real commitment to upholding information security. The set-up and certification of an ISMS can also transform your corporate culture both internally and externally, opening up new business opportunities with security-conscious customers and clients, in addition to improving employee ethics and the notion of confidentiality throughout the workplace. What’s more, it allows you to enforce information security and reduce the possible risk of fraud, information loss and disclosure.
ISO 27001:2005 Gap Analysis
Objectives:
During this mission our consultants will give you a round-up of the security practices in your company compared to the ISO 27001:2005 requirements.
Is this mission appropriate to your needs?
It is if you plan to implement an Information Security Management System but first want a clear view of the gap between your current situation and ISO 27001’s requirements.
What will be the deliverables?
You will receive a report giving you:
- A clear description of the processes that need to be improved
- A list of the missing procedures which are required for compliance
We will also provide you with a realistic and customized ISO 27001 implementation path.
ISO 27001:2005 Implementation Assistance
Objectives:
During this mission our consultants will help your company implement an Information Security Management System compliant with the ISO 27001 standard.
Is this mission appropriate to your needs?
It is if you want to show your stakeholders (strategic partners, customers, shareholders, regulators…) evidence that you are using security best practices.
What will be the deliverables?
At the end of the mission your company is operating an ISO 27001 compliant ISMS. Our consultants will also provide you with an Excel tool to evaluate your compliance level on a day-to-day basis.
ISO 27001:2005 Pre-Audit
Objectives:
The goal is to prepare your company for an official ISO 27001:2005 certification audit.
Is this mission appropriate to your needs?
It is if you have implemented an ISMS based on the ISO 27001:2005 standard and plan to go for an official certification audit, but want to be sure that everything is in place.
What will be the deliverables?
Our consultants, who are certified ISO 27001 Lead Auditors, will carry out an audit based on procedures and methodologies identical to those used by the certification bodies.
Useful Related Links
LSTI, la Sécurité des Technologies de l'Information: http://www.lsti.fr/
ISO, International Organization for Standardization: http://www.iso.org/
Ministère de l'Economie et du Commerce Extérieur: http://www.eco.public.lu/
Direction centrale de la sécurité des systèmes d'information: www.ssi.gouv.fr