ISO/IEC 27001 (Information Security Management System)

The ISMS (Information Security Management System) enables an organization to establish an effective framework for managing information security. ISO 27001 defines comprehensive requirements for ISMS that deals with all the technical and human aspects in information security in all its operational processes. Companies can be independently audited to ISO 27001and achieve registration to show their customers, partners and regulatory bodies that their processes are secure in handling information.

ISO 27001 defines comprehensive requirements for ISMS that deals with all the technical and human aspects in information security in all its operational processes.

The goal of ISO 27001 is to provide a common base for developing organizational security standards and effective security management practices and to provide confidence in inter-organizational dealings.

Who is it relevant to?

ISO/IEC 27001 is suitable for any organization, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors. ISO/IEC 27001 is also highly effective for organizations who manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.

IQS Step by Step Approch to ISO/IEC 27001 Certification

The flow chart gives a high level view of the major steps in the process. This is a generic diagram - the details will vary from situation to situation. The main activities are as follows:

1) Top management commitment

2) Define ISMS scope

3) Inventory your information assets

4) Conduct an information security risk assessment

5) Prepare a Statement of Applicability & Prepare Risk Treatment Plan

6) Develop ISMS implementation program Run the ISMS implementation program

7) Operate the ISMS Collect ISMS operational artifacts

8) Review compliance

9) Undertake corrective actions

10) Conduct a internal audit

11) Final Certification audit

For ISO/IEC 27001

Call @ 09837097100
Email @ info@iqsglobal.in