Compliance and Audit Services
For the well-organized and coordinated growth of the industry today, standardization has become a necessity. With businesses now operating from a global perspective, ISMS implementation and the relevance of an established security standard such as ISO 27001 have come into their own. An Information Security Management System has almost become mandatory for servicing clients in different parts of the globe, since it establishes a strong factor of credibility in the minds of the client. At Appin we implement the following ISMS frameworks based on the requirements of the client.

ISO 27001
ISO 27001 is an information security standard setting out the requirements for an information security management system (ISMS). The standard treats information security as a combination of people, process and technology, and enables companies to measure the risk to their information and select adequate and proportionate security controls that protect information assets and give confidence to interested parties, including an organization's customers.
HIPAA (Health Insurance Portability and Accountability Act)

The intent of HIPAA is to improve the efficiency and effectiveness of the healthcare system by encouraging the development of health information systems that use EDI (electronic data interchange) for the specified administrative and financial transactions. In addition, HIPAA mandates the use of national transaction standards when these business transactions are performed electronically between organizations.
SOX (Sarbanes-Oxley Act)

The Sarbanes-Oxley Act has fundamentally changed the business and regulatory environment. The Act aims to enhance corporate governance through measures that strengthen internal checks and balances, and ultimately strengthen corporate accountability.

1. Risk Assessment

  • A prioritization of potential business disruptions based on severity and likelihood of occurrence.
  • The impact of various business disruption scenarios on both the institution and its customers. During this step business processes and business impact analysis assumptions are stress tested with various threat scenarios.
  • The loss impact on information services, technology, personnel, facilities, and service providers from both internal and external sources.
  • The safety of critical processing documents and vital records.
  • A gap analysis comparing the institution's existing BCP, if any, to what is necessary to achieve recovery time and point objectives.
  • A broad range of possible business disruptions, including natural, technical, and human threats. If the threat scenarios developed are unreasonably limited, the resulting BCP may be ineffective.

2. Designing and Implementation of Security Framework

Traditionally, organizations have relied on policies to communicate high-level directives from management. Once issued, these documents provide top-down influence for everyone in the company: business units, departments and individual employees. Furthermore, these policies were typically developed at one point in the organization's evolution to capture the environment at that time. One of the major challenges for an organization in this area is the continued growth and adaptation of the policies to mirror the transformation within the organization.

This is where Appin has come up with a unique methodology to design and implement the security framework.

Designing the ISMS
This includes framing an Information Security Policy for the organization based on the objectives of the client. In this phase, security manuals and procedures for the different processes are documented and finalized with the client and their team.

Implementing the ISMS
Devising security measures and implementing them across the organization to enhance security along the parameters of Confidentiality, Integrity and Availability.

This is done via three methods:
  • Training bootcamps
  • Mailers
  • Posters

3. Documentation and Certification

Documentation and certification is one of the most critical phases of any ISMS. Appin ensures that all documentation required for the ISMS is prepared and that logs demonstrating operation of the relevant policies are maintained for at least one month before the external compliance audit takes place.

The documentation includes:
  • Asset Register
  • Risk Assessment Matrix
  • Risk Treatment Plan
  • Information Security Policy
  • Procedure Manual
  • Business Continuity Plan
  • Disaster Recovery Plan

Certification for ISMS
After an internal management audit, we coordinate with certification bodies and invite them to our client's organization to conduct an external audit and provide certification. Appin has tied up with Intertek, a globally renowned certification body, to carry out external audits and certify the organization as ISO 27001 compliant.
Testimonials
"The Appin team of computer security professionals and ethical hackers showed us how badly they can cripple a state-of-the-art network in seconds...
Have Queries? Contact Us or Email: info@appinlabs.com