
ISO 27001 standard compliance service




Whether it is to prepare your organization for an ISO certification or an
audit, or simply to better implement the best practices set out in these
standards, the Above Security compliance consultants will guide you through
the necessary steps of the implementation.

[Figure: pyramid of information risk management needs. Levels as labelled:
24/7 MSS, Technical Audits, Gap management, Operational Audit, Management
Framework.]

Above Security considers that there are 5 levels of information risk
management needs. Managed Security Services are at the 2nd level of this
pyramid.

What is ISO 27001?
The ISO-27001 standard was created to manage the development and setting-up
of an Information Security Systems Management program. Here, the term
“information” covers information in all its forms, electronic or physical.
The ISO 27001/2005 standard specifies the conditions to establish, implement,
set up, manage, review, maintain and improve the documented management of
information security systems in the global context of the organization's
business risks. Like ISO-9001 (Quality) and 14001 (Environment), this
standard was created to allow business certification as part of an ongoing
improvement process.


Why proceed to an ISO-27001 certification?
There are many reasons to initiate an ISO-27001 process. The most important
ones are increasing regulation and business risk management.

On one hand, regulation requiring business transparency and awareness of
responsibility is constantly progressing throughout the world. Generally, we
observe a strong trend towards increasing the individual responsibility of
executives and administrators.
On the other hand, managing the risks related to information and their impact
on business reputation is becoming more and more important.

A support service for ISO 27001 compliance allows the business to address its
concerns about information security and compliance with international
requirements, while showing organizational maturity and a real objective of
continuous improvement. This initiative relieves administrators and allows
executive members to make sure the situation is managed in accordance with
the applicable international standards.


What methodology is used?
The support service process for ISO 27001 standard compliance consists of
determining how the information and associated systems are protected,
assessing the processes and policies in place, and diagnosing the business
situation with a maturity grid.




Peace of mind… for the last 10 years!
  www.abovesecurity.com



The security audit is first performed on the existing documentation covering
the design and implementation of the information security management system.
The auditor gathers all information and meets the appropriate external
professionals. In the course of these meetings, the auditor, with the help of
proprietary tools, gathers information on each of the clauses of the ISO
27001:2005 standard as well as on the 133 controls of the ISO 27002:2005
standard, the best practices guide for information security management.


Control points
The five ISO 27001 clauses and the eleven ISO 27002 control points are
defined briefly below. For most of these clauses and control points, we first
use questionnaires and forms to be filled in by the client, as well as reports
of meetings with the client's key personnel, in order to better understand the
actual situation.

The ISO 27001:2005 control criteria that will be assessed are:
1. Information Security Management System (ISMS)
2. Management Responsibility
3. ISMS Internal Audit
4. ISMS Management Review
5. ISMS Improvement

The ISO 27002:2005 control criteria that will be assessed are:
1. Risk management
2. Security policies
3. Organizational security
4. Asset classification and control
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Information system development and maintenance
10. Information security incident management
11. Business continuity management
12. Compliance







About Above Security
Our mission is to be our customers’ strategic partner in information risk
management. Above Security helps more than 250 organizations throughout
22 countries in the Americas, Caribbean, Europe and North Africa. Our
clientele is composed of organizations in almost all sectors, namely: finance,
banking, insurance, pharmaceutical, telecommunications, manufacturing and
government entities.

We serve our clients in French, English, Arabic and Spanish. One of the
reasons for our success is that all our consultants hold one or many of the
following independent information security certifications:

All team members undergo a strict selection and a rigorous security
accreditation process* that can lead to obtaining a security accreditation from
the Canadian government.
Our team members are under exclusive contract with Above Security and
subscribe to confidentiality clauses and to a code of ethics, ensuring our
clients the security of information and the fairness of our services.

Above Security is a private enterprise that does not subscribe to any sales
quota or security product distribution commitments, thus assuring our
independence.

Since 1999, Above Security has given you the peace of mind you deserve to
achieve your business objectives.

Contact us:
1919, Lionel-Bertrand Blvd.
Suite 203
Boisbriand, Qc J7H 1N8
Canada

Telephone: 1-450-430-8166
Toll free (North America only): 1-866-430-8166
Fax: 1-450-430-1858
info@abovesecurity.com



