Information Security Management System
For well-organized and coordinated growth of the industry, standardization has become a necessity. As business takes on a global perspective, the implementation of Information Security Management Systems (ISMS), in particular of acknowledged standards like ISO 27001, becomes both ever more necessary and ever more popular.

In fact, an ISMS has almost become mandatory for organizations active in different parts of the globe, since it gives them a strong factor of credibility in the minds of their customers and clients.

At Appin we implement an ISMS customized to your needs. Each client is unique, and though we do have a repeatedly and successfully employed framework to base your ISMS upon, the actual implementation is highly customized according to your needs. In fact, we are so confident in our ability to add value for you, and to provide you with a sound, reliable and secure ISMS of global quality, that we guarantee you will pass an ISO 27001 certification audit. We can even maintain the certification for you, taking care of all necessary logs and internal audits.

Why Appin Recommends ISO 27001 As the Benchmark for ISMS

ISO 27001 is a globally acknowledged standard defining the requirements for an Information Security Management System (ISMS). The standard considers Information Security as a combination of people, process, and technology.

The standard is globally acknowledged and comprehensive. It is also easily integrated with other standards of the ISO family, particularly with ISO 9001. ISO 20000, the service delivery standard, can be added just as easily.

In this way ISO 27001 enables companies to measure the risk to their information and to select adequate and proportionate security controls that protect their information assets, thus enhancing the confidence of the organization's stakeholders. At the same time ISO 27001 streamlines business processes and facilitates implementing other standards.

The Roadmap to your Certified Information Security Management System

1. Risk Assessment

People, Processes, Technology: the assets on which your company runs. Are they secure? And is your business therefore secure?

Do you really know which risks your business is facing? How likely are those risks to materialize? What can you do to mitigate them? These are the questions addressed in the Risk Assessment phase, by assessing the three critical pillars: People, Processes, Technology. On the technology front this includes Appin's world-class Vulnerability Assessment and Penetration Testing.

The results of the risk assessment are of crucial importance as they will form the basis for all policies, processes and security measures you will take. Guiding thoughts during this process include:

  • A prioritization of potential business disruptions based upon severity and likelihood of occurrence.
  • The impact of various business disruption scenarios on both the organization and its stakeholders. During this step, business processes and business impact analysis assumptions are stress-tested against various threat scenarios.
  • The loss impact on information services, technology, personnel, facilities, and service providers from both internal and external sources.
  • The safety of critical processing documents and vital records.
  • A gap analysis comparing the institution's existing Business Continuity Plan (BCP), if any, to what is necessary to achieve the recovery time and recovery point objectives.
  • A broad range of possible business disruptions, including natural, technical, and human threats. Note: if the threat scenarios developed are unreasonably limited, the resulting BCP may be ineffective.

During all these steps, an experienced Appin security expert guides and consults you to ensure that your risk assessment is conducted effectively and efficiently and yields meaningful and actionable results.

2. Designing and Implementing Your Security Framework

Traditionally, organizations have relied on policies to communicate high-level directives from management. These documents, once issued, provide top-down influence for everyone in the company, from business units to departments to individual employees. Furthermore, these policies were typically developed at one point in the organization's evolution to capture the environment at that time. One of the major challenges for an organization in this area is the continued growth and adaptation of its policies to mirror the transformation within the organization.

This is where Appin has developed a unique methodology to design and implement the security framework.

3. Documenting Your Information Security Management System

Documentation and Certification is one of the most critical phases of any ISMS. Appin ensures that all documentation required for the ISMS is prepared and that logs of the relevant policies are maintained for at least one month before the external compliance audit takes place.

The documentation includes:

  • Asset Register
  • Risk Assessment Matrix
  • Risk Treatment Plan
  • Information Security Management Policy
  • Procedure Manual
  • Business Continuity Plan
  • Disaster Recovery Plan

Details and scope of the documentation will depend on your requirements. And whatever these requirements are, we will help you to meet them.

4. Acquiring and Maintaining Your ISMS Certification

After an internal security audit of processes, people and technology, we coordinate with the certifying body and invite them to our client's organization to conduct an external audit and grant certification. Appin has partnered with Intertek, a globally renowned certification body, to carry out external audits and certify the organization as ISO 27001 compliant.

And, as promised at the beginning, we guarantee you will pass, and we can even maintain the certification for you, taking care of all necessary logs, internal audits and adjustments to your ISMS. Customized, easy, effective. Just according to your needs.