An information security management system (ISMS) is a documented system that demonstrates that the described information assets are protected, that information security risks are managed, and that measures with the required level of assurance are implemented and monitored. An ISMS may be implemented for a specific information system (IS), for individual parts of the IS, or for the entire organization.
ISMS IN PRACTICE
Many organizations for which information and information technology are a key part of their business processes are deciding how to ensure their security effectively. Addressing this issue requires an appropriate systemic and comprehensive approach, and the basic guides for this are the standards ISO/IEC 27001 and ISO/IEC 27002. The two standards are closely interconnected, but each has a different role. While ISO/IEC 27002 provides a detailed overview (catalog) of security measures that can be selected when building an ISMS, ISO/IEC 27001 specifies requirements for how to properly establish, implement, monitor, maintain, and improve an information security management system in an organization. Any ISMS certification then takes place according to ISO/IEC 27001.
An ISMS built on the ISO/IEC 27001 and ISO/IEC 27002 standards is fully compatible with quality management according to ISO 9001, the environmental management system according to ISO 14001, and OECD guidelines. As a single and comprehensive description of information security, it is also a major source of requirements and relationships at the European level. Moreover, when reasonably implemented, it is purely practical and contributes to the effectiveness of security spending.
REASONS FOR ORGANIZATION TO IMPLEMENT ISMS
ISMS IMPLEMENTATION BENEFITS
HOW CAN WE HELP YOU?
Our employees have extensive practical experience and professional certifications, and we have already successfully managed many reference projects, including the first ISMS certification in the Czech Republic. At RAC we also operate an integrated management system (IMS), including quality management according to ISO 9001 and information security management according to ISO/IEC 27001, certified by DNV GL under UKAS (UK) accreditation. Our team of consultants is ready to support you in every step of a successful ISMS implementation, including any preparation for certification.
RAC ISMS SERVICE INCLUDES
– Analysis of the current state and environment of the organization
– Draft of scope and ISMS policy
– Design of security organization, determination of roles and responsibilities
– Design of the system structure of documentation
– Carrying out risk analysis and evaluation of risks
– Selecting measures
– Draft Declaration of Applicability
– Turnkey documentation
– Elaboration of plans for implementation of measures
– Training of employees of the organization, security manager and auditors
– Security incident management procedures
– Design and implementation of a process for planning the continuity of the organization’s activities
– Setting up the ISMS efficiency measurement process
– Preparation of ISMS management review
– Support for ISMS internal audits, including the proposal of corrective and preventive actions
Would you like more information? Don’t hesitate to contact us!