ProcessLOGIX Consulting Pvt. Ltd.
Effective Business Solutions Consulting ● Technology ●Services
_________________________________________
ISO 27001 Frequently Asked Questions
What is ISO 27001?
ISO 27001 is an international standard published by the International Organization for Standardization. The standard specifies the requirements for an information security management system that an organization can build and operate. A willing organization can study these requirements and build its own information security management system (ISMS) on them. Additionally, the organization can approach a certification agency to carry out an external audit of the implemented ISMS in order to get certified.
What is ISMS?
An ISMS (information security management system) is a management system based on a systematic business risk approach to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security.
What is Information Security?
Information security is the protection of information to ensure:
• Confidentiality: ensuring that the information is accessible only to those authorized to access it.
• Integrity: ensuring that the information is accurate and complete and that the information is not modified without authorization.
• Availability: ensuring that the information is accessible to authorized users when required.
[Figure: the confidentiality, integrity and availability triad surrounding "Information"]
Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organizational structures, and software and hardware functions).
_____________________________________________________________________
Corp Off: B93, Shyamlal Bhavan, Kantilal Compound, R.J. Road, Andheri (E), Mumbai – 400 093 Pune: 9, Priyanka, Sanewadi, Aundh, Pune – 411 007 Tel: +91-9923155209 / 9987094949 /9820430517 / 9967585311 Web: http://www.processlogixconsulting.com E-mail: info@processlogixconsulting.com
Why should we implement ISMS and get certified to ISO 27001?
If information assets are important to your business, you should consider implementing an ISMS in order to protect those assets within a sustainable framework. If you implement an ISMS, you should consider joining the growing number of organizations around the world that have already gone through the process to be certified against the ISO/IEC 27001 standard. A successful ISMS certification provides assurance that an independent team of evaluators has audited your information security management system and certified your adherence to the international standard. This can be a differentiating factor for your business. ISO/IEC 27001 continues to build a reputation for helping to model business practices that enhance an organization's ability to protect its information assets.
How to implement ISMS?
The implementation process includes:
1. Define the scope of the ISMS: which processes, which departments
2. Gap analysis (ideally performed by a third party)
3. Information classification
4. Risk assessment
5. Implementing the changes (controls) identified in the risk assessment
6. People training
7. Internal audit
8. Corrective and preventive actions
9. Management review
10. Certification
What is the certification process?
The certification process includes:
1. Stage 1 audit: the Certification Body (CB) auditor examines the pertinent documentation.
2. Taking action on the results of the Stage 1 audit.
3. Stage 2 audit: the CB sends an audit team to examine your implementation of the reviewed, documented ISMS.
4. Correction of audit findings and agreement on a surveillance schedule.
5. Issuance of the certificate. (Depending on the CB, this can take a few weeks to several months.)
Following initial certification, the ISMS is subject to surveillance as specified by the CB, and then requires re-certification after three years.
What are the benefits of a certified ISMS?
The benefits of a certified ISMS are numerous. The most commonly realized benefits are:
• Increased security and reliability of information systems
• Enhancement of client confidence & perception of your organisation
• Cost-effective and consistent information security practices
• A valuable framework for resolving security issues
• Enhancement of business partners' confidence & perception of your organisation
• Better contingency planning
• Reduced costs from consolidating and optimizing systems
• Improved management of risk
• Improved management control
• Better employee working environment
• Provides confidence that you have managed risk in your own security implementation
• Enhancement of security awareness within an organisation
• Assists in the development of best practice
• Can often be a deciding differentiator between competing organisations