Information Security Management System
What is Information Security Management System:
Information is an ASSET which, like other important business assets, has VALUE to an organization and consequently needs to be SUITABLY protected.
“Information Security Management System” is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security. ISMS always follows Plan-Do-Check-Act methodology.
- The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
- The Do phase involves implementing and operating the controls.
- The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
- In the Act phase, changes are made where necessary to bring the ISMS back to peak performance
ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS)
Features of ISMS:
- Adopted PDCA ( PLAN – DO – CHECK – ACT ) Model
- Adopted a Process Approach
- Identify – Manage Activities – Function Effectively
- Stress On Continual Process Improvements
- Scope covers Information Security not only IT Security
- Focused on People, Process, Technology
- Resistance to intentional acts designed to cause harm or damage to the Organisation.
- Combination of Management Controls, Operational Controls and Technical Control.
- Overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve Information security.
Benefits of ISMS Certification:
Certifying your ISMS against ISO/IEC 27001 can bring the following benefits to your organization:
- Independent framework that will take account of all legal and regulatory requirements.
- Gives the ability to demonstrate and independently assure the internal controls of a company (corporate governance)
- Proves senior management commitment to the security of business information and customer information
- Helps provide a competitive edge to the company
- Formalizes, and independently verifies, Information Security processes, procedures and documentation
- Independently verifies that risks to the company are properly identified and managed
- Helps to identify and meet contractual and regulatory requirements
- Demonstrates to customers that security of their information is taken seriously
ControlCase InfoSec Methodology and Approach for Certification:
- Make Contact with ControlCase InfoSec : Inform us about your requirements
- We appoint a main point of contact for you: Our representative will provide all the support & solutions needed.
- Registration for the Certification : Register with ControlCase InfoSec for the certification
- Conduct Assessment :
- We will conduct stage 1 assessment at your location. It is an initial review of the management system. This is a preliminary round checks whether key documents not only exist but are complete in all respects. It also tests the organizations readiness for Stage II audit. In this assessment we may find weaknesses which need to be resolved before final assessment i.e. stage 2 assessments. Once you resolve these weaknesses we will conduct Stage 2 assessment.
- Issue Certification: Once the assessment has been successfully completed, we will issue a Compliance of Registration in the form of Certificate. Generally this certificate validity would be three years subject to successful surveillance assessment.
- Conduct Re-assessments: After completion of surveillance assessment the management system will be re-validated by conducting a re-assessment followed by maintenance of your registration through Continuing Assessment Visits. On successful completion of this review the certification of registration will be extended for further 3 years.
Why ControlCase InfoSec:
- Certification Process meets the Global Standards ( ISO 17021 )
- Competitive Rates
- More focus on Quality Service and Customer Satisfaction
- Complete and in-depth Knowledge of ISMS Standard
- Highly certified & experienced team
- Thorough hands-on experience of information security systems
- Strong expertise in program and project management
- Interactive knowledge transfer