ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM

ISO 27001 formally specifies a management system that is intended to bring information security under explicit management control.
Most organizations have a number of information security controls. Without an information security management system, however, the controls tend to be somewhat disorganized and disjointed, having often been implemented as point solutions to specific situations or simply as a matter of convention. The security controls in operation typically address certain aspects of IT or data security specifically, leaving non-IT information assets (such as paperwork and proprietary knowledge) less well protected on the whole. Business continuity planning and physical security, for example, may be managed quite independently of IT or information security, while Human Resources practices may make little reference to the need to define and assign information security roles and responsibilities throughout the organization.

 

Benefits of ISO 27001

  • A valuable framework for resolving security issues
  • Enhancement of client confidence & perception of your organisation
  • Enhancement of business partners’ confidence & perception of your organisation
  • Provides confidence that you have managed risk in your own security implementation
  • Enhancement of security awareness within an organisation
  • Assists in the development of best practice
  • Can often be a deciding differentiator between competing organisations

 

Are you ready for certification?

  1. A manual should be prepared. The scope of the management system should be defined in the manual.
  2. At least one management review of the OHSAS management system and its performance should be carried out. Review records should also be kept.
  3. At least one internal audit should be carried out by trained auditors according to the ISO 27001 standard.
  4. Responsibilities and authority should be defined for the organization.
  5. Policy and objectives should be defined, communicated and understood throughout the organization.
  6. Company assets should be defined and classified.
  7. Company assets should be evaluated according to their security level, integrity and accessibility.

TCS Uluslararası Belgelendirme Hizmetleri San. Ve Tic. Ltd. Şti.
Ali Nihat Tarlan Cad. No:103 D:9 Küçükbakkalköy / Ataşehir / İSTANBUL
Tel.: +90 216 573 5553
Fax: +90 216 573 8801
E-Mail : info@tcsbelgelendirme.com