Information Security- ISO 27001 formally defines as an information security management system, which is a group of activities related to information risk management and is called the “ISMS” Information Security Management System.
Where ISMS ensures that security arrangements are strictly controlled to meet changes in security threats and their consequent weaknesses and business impacts – an important aspect in this dynamic, changing area every day, especially since the increasing importance of information and the need to protect it are among the most important factors to ensure continuity the work.
The missing information has no equal equivalence.One of the most important features of ISO27001 is flexibility and effective comparison between different risks and ways to overcome them.
WHAT IS INFORMATION SECURITY MANAGEMENT SYSTEM:
Information is an ASSET which, like other important business assets, has VALUE to an organization and consequently needs to be SUITABLY protected.
“Information Security Management System” is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security. ISMS always follows Plan-Do-Check-Act methodology.
- The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
- The Do phase involves implementing and operating the controls.
- The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
- In the Act phase, changes are made where necessary to bring the ISMS back to peak performance
ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS)
FEATURES OF ISMS:
- Adopted PDCA ( PLAN – DO – CHECK – ACT ) Model
- Adopted a Process Approach
- Identify – Manage Activities – Function Effectively
- Stress On Continual Process Improvements
- Scope covers Information Security not only IT Security
- Focused on People, Process, Technology
- Resistance to intentional acts designed to cause harm or damage to the Organisation.
- Combination of Management Controls, Operational Controls and Technical Control.
- Overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve Information security.
BENEFITS OF ISMS CERTIFICATION:
Certifying your ISMS against ISO/IEC 27001 can bring the following benefits to your organization:
- Independent framework that will take account of all legal and regulatory requirements.
- Gives the ability to demonstrate and independently assure the internal controls of a company (corporate governance)
- Proves senior management commitment to the security of business information and customer information
- Helps provide a competitive edge to the company
- Formalizes, and independently verifies, Information Security processes, procedures and documentation
- Independently verifies that risks to the company are properly identified and managed
- Helps to identify and meet contractual and regulatory requirements
- Demonstrates to customers that security of their information is taken seriously
CONTROLCASE INFOSEC METHODOLOGY AND APPROACH FOR CERTIFICATION:
- Make Contact with ControlCase InfoSec : Inform us about your requirements
- We appoint a main point of contact for you: Our representative will provide all the support & solutions needed.
- Registration for the Certification : Register with ControlCase InfoSec for the certification
- Conduct Assessment :
- We will conduct stage 1 assessment at your location. It is an initial review of the management system. This is a preliminary round checks whether key documents not only exist but are complete in all respects. It also tests the organizations readiness for Stage II audit. In this assessment we may find weaknesses which need to be resolved before final assessment i.e. stage 2 assessments. Once you resolve these weaknesses we will conduct Stage 2 assessment.
- Issue Certification: Once the assessment has been successfully completed, we will issue a Compliance of Registration in the form of Certificate. Generally this certificate validity would be three years subject to successful surveillance assessment.
- Conduct Re-assessments: After completion of surveillance assessment the management system will be re-validated by conducting a re-assessment followed by maintenance of your registration through Continuing Assessment Visits. On successful completion of this review the certification of registration will be extended for further 3 years.
WHY CONTROLCASE INFOSEC:
- Certification Process meets the Global Standards ( ISO 17021 )
- Competitive Rates
- More focus on Quality Service and Customer Satisfaction
- Complete and in-depth Knowledge of ISMS Standard
- Highly certified & experienced team
- Thorough hands-on experience of information security systems
- Strong expertise in program and project management
- Interactive knowledge transfer
ISO 27001 Fields: –
Standard 27001 covers all types of organizations and can be applied to all sizes from small companies to large multinationals and all industries or markets such as: –
1. Commercial enterprises.
2. Government agencies.
3. Non-profit organizations.
4. Retail business.
5. Banking services.
6. Health care.
8. Governmental institutions and bodies.
Structure of ISO 27001 certification
-It can systematically describe ISO 27001 Standard informational risk management process.
Scope & Terms and definitions
– Determines all ISMS requirements that are appropriate for organizations of any type, size or nature.
Context of the organization
Understand the organizational scope, needs, and expectations of all interested parties and define the scope of the ISMS. Whereas, the organization must continuously establish, maintain, and improve the ISMS “Information Security Management System”.
-High management must demonstrate clear leadership and adherence to the mandate policy and designate specific roles and responsibilities and information security authorities in the organization.
– This factor clarifies the importance of the process of defining, analyzing and planning treatment Information security risks in the organization, and clarifies the goals of information security.
–Adequate resources must be allocated, awareness raised, documents prepared and controlled.
– Details about evaluation and treatment Information security risks, change management, and documentation.
– Monitor, measure, analyze, evaluate and review all information security controls and management systems, and improve things systematically when necessary.
– Processing the results of reviews and corrective actions, as well as making all continuous improvements to the “Information Security Management System”
Benefits of obtaining ISO27001 certification
• Show interest to client & investor
• Improving the relationship between organizations with the government and society.
• Improving & preserving property in all its forms, “programs, information, equipment, and buildings”.
• Reducing information loss while adhering to business requirements.
• Increasing the awareness of all employees of the organization about the importance of information security.
• The organization’s interest in developing its performance while making sure to provide the best service to the customer.
• Increasing the competitiveness of the organization and the rate of participation in the market.
• It demonstrates to all clients the commitment to a secure level of information used at the highest standards.
• The Foundation’s readiness to continue to perform its business in the case of any natural or accident
• More ability to communicate between IT personnel and their security and enterprise management.
• Easy and fast transition to get ISO 9000 Standard.
Get ISO 27001 Certification
Obtaining ISO / IEC 27001 certification by an accredited and respected body like OSS Middle East is completely optional; however, there is a growing demand every year from suppliers and business partners from organizations that care about the security of their information.
According to a 2017 survey, there are around 40,000 ISO / IEC 27001 certifications worldwide, an increase of 20% annually, which demonstrates an increased awareness of organizations of the importance of achieving the standard and benefits of working.
Steps To Request an External Audit
Contact OSS Middle East and request an external audit of ISO 27001
Where a committee of auditors and experts is formed to examine the company’s information security system, after which the notes stage begins and a review report is presented in the event of notes. Time is given to the company to deal with these notes and adhere to all requirements and then after making sure of the company’s status and adherence to all specifications ISO 27001 certificates The Company is granted the certificate
Oss Middle East Company:
Aim to help organization in all sectors in Egypt and Middle East to apply the international standard in their system.
OSS accredited by:-
OSS register by Many Egyptian Organization:
- The Egyptian Organization for Standards & Quality (EOS).
- EGYPTIAN GENERAL PETROLEUM CORPORATION (EGPC).
- Industrial Modernization Centre (IMC).