Information Security Management System (ISMS) – ISO 27001
An Information Security Management System (ISMS) is a management system based on a systematic business risk approach to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 is a standard for information security that focuses on an organization's ISMS.
Objective of ISMS
Information security is the protection of information to ensure:
• Confidentiality: ensuring that the information is accessible only to those authorised to access it.
• Integrity: ensuring that the information is accurate and complete and that the information is not modified without authorization.
• Availability: ensuring that the information is accessible to authorized users when required.
Why should I implement ISO 27001 ISMS?
• Certification of a management system brings several advantages. It gives an independent assessment of your organization's conformity to an international standard that contains best practices from experts for ISMS.
• It helps meet legislative and regulatory requirements.
• It serves as a measure of, and independent evidence that, industry best practices are being followed.
• It forms part of a corporate governance program.
Process for implementing ISO 27001
1. Define an information security policy
2. Define scope of the information security management system
3. Perform a security risk assessment
4. Manage the identified risk
5. Select controls to be implemented and applied
6. Prepare an SoA (a "statement of applicability")
The Certification Process
Guidelines - ISO/IEC 27002:2007
Certification - ISO/IEC 27001:2005
Stage 1: Documentation review and evaluation of the client's readiness
Stage 2: Implementation audit and evaluation of the effectiveness of the client's systems
Lead Auditor's recommendation to certify
Certificate issued by certification/registration body
Surveillance
Periodic review audits (at 6-month intervals)
Re-certification (after 3 years)