Adapted from the British Standards Institute (BSI) BS 7799, which was originally written by the Department of Trade and Industry (DTI), ISO 27001:2005 contains 134 controls organised into 12 main sections and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS).
As information, whether electronic or hard copy, becomes more prolific within organisations, the risk to and impact on the business from the loss or corruption of information also increases. Gaining compliance with ISO 27001:2005 affirms that your organisation has established, and can demonstrate, that the confidentiality, integrity and availability of information are adequately addressed, providing:
· A common organisational security objective and standard
· Identification and clarification of existing information security management processes
· Effective management of security incidents and risks
· Confidence for the existing and prospective customer base
· A competitive advantage and market differentiator over competitors
Moreover, information security is now an important factor in the selection of service providers for most organisations, particularly those within the finance, health, public and IT sectors, and will soon become a contractual or service level agreement requirement.
ISO 27001:2005 is aligned with both the ISO 9001 (quality management systems) and ISO 14001 (environmental management systems) standards. The three standards share system elements and principles, including adopting the PLAN, DO, CHECK, ACT cyclic process.
Fairland assist clients to initiate, create and maintain an ISMS, and provide training and awareness for staff in ISO 27001:2005, fully supporting the organisation throughout the implementation process.
Fairland also consult and assist in the creation of policies & procedures, working with all relevant internal departments, to provide a solution that suits the organisation and enables staff to operate with a full understanding of its requirements, the type of information to secure and how they should report incidents.
As part of this process, Fairland perform a comprehensive review of your existing security processes and procedures, including levels of information security risk, and compare them to those required by ISO 27001:2005. The results form the basis for a gap analysis / risk assessment, which can be developed into a comprehensive programme for cyclic improvement.
The final process is to demonstrate to an independent auditor that your internal controls meet corporate governance and business continuity requirements. Fairland’
# # #
Fairland Consulting is a service-based organisation helping corporate and public sector organisations to achieve Infrastructure Project success, along with ISO 27001 compliance and Software License compliance.