iSquare Consulting


iSquare Information Security Consultancy Services

 

ISO 27001 (ISO/IEC 27001:2013)

 

"Designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties."

 

What is ISO 27001 (ISO/IEC 27001:2013)?

ISO 27001 is an Information Security Management System (ISMS) standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

ISO 27001 Stages

ISO 27001 is usually conducted in at least two stages, both of which identify compliance with ISO 27001:2013:

  • Stage 1 – Documentation Review
  • Stage 2 – Implementation Audit

Stage 1: To Develop and Prepare for an ISMS Certification Audit

  • To define ISMS scope & policy
  • To define risk assessment approach
  • To identify, assess and evaluate the risks
  • To identify and evaluate options for treating risks
  • To produce a Statement of Applicability

 

Stage 2: Certification Audit Process

  • To confirm that the organization adheres to its own policies, objectives and procedures, and that the ISMS conforms with all the requirements of the ISMS standard document and is achieving the policy objectives
  • Accredited certification bodies to carry out an audit

_________________________

Advantages of ISO 27001

  • To formulate security requirements and objectives
  • Documentation of structures and processes
  • To ensure compliance with laws and regulations
  • Identification and clarification of existing information security management processes
  • Increased employee awareness of security
  • Evaluation of the organization's processes from a security point of view
  • Security becomes an integral part of business processes
  • A way to ensure that security risks are cost-effectively managed
  • Definition of new information security management processes
  • Knowledge and monitoring of the IT risks and residual IT risks
  • Prioritizing the security of the business operations & business continuity management
  • Globally recognized standard

ISO 27001 Steps