ISO 27001:2005
ISO 27001, formally ISO/IEC 27001:2005, is an internationally recognized standard that specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS), and against which an ISMS can be independently certified. ISO 27001 is not a law; it is a codification of "best practices" and proven industry knowledge for managing information security. It takes a "top-down", risk-based approach: controls are selected because an assessed risk justifies them, not because a checklist lists them. This page describes the 2005 edition, which has since been superseded by later revisions of ISO/IEC 27001.

In general, ISO 27001 says that an organization needs to:

  • Analyze the risks to its information security
  • Define specific security objectives
  • Define the policies and processes that all activities must follow
  • Document all risks, objectives, policies and processes
  • Implement controls to treat the identified risks
  • Assign accountability for risk management
  • Measure the effectiveness of the controls
  • Embed a continuous improvement cycle (Plan-Do-Check-Act)

ISO 27001: Why do we need it?

What happens if vital information is stolen, a trade secret is disclosed, or an information system simply stops working? Almost everything in today's business depends on information. Having correct information at the right time is often the source of competitive advantage, and companies spend large portions of their budgets acquiring and managing it.

One way to manage and mitigate the risks of working with information and data is to implement a management system dedicated to the security of information: an Information Security Management System (ISMS). An ISO 27001 certified ISMS is a real advantage in dealing with customers and partners, because it gives them independent assurance about how you protect the data you handle. This can open the door to mutual data and information exchange with clients, partners, vendors and customers who would otherwise require their own audit.

ISO 27001: Implementation

The standard can be implemented in any industry, not only in IT. The IT department is usually the main executor of an ISO 27001 implementation, particularly for the technical controls, but the company's management must be the main driver, sponsor and promoter of the change, and management also bears the risk of the implementation project failing.
Implementing specific security controls and policies involves, among others, the following departments and groups:

  • Top management
  • HR department
  • Training and education
  • Building security
  • Building maintenance
  • Legal department
  • Vendors and outsourcing partners
  • And, above all, every employee
Copyright © 2010 qgspl.com. All rights reserved.