Consulting for ISO 27001 ISMS Information Security Management System
Are your sensitive information, data & processes protected?
Information security management systems and their certification according to ISO/IEC 27001:2013 are rapidly gaining in importance, not least because customers increasingly demand such internationally recognized proof of information and data security.
An Information Security Management System (ISMS) protects sensitive information, data, processes, IT systems and resources holistically by means of documented methods, guidelines and rules. These must be continuously reviewed and, where necessary, developed further to suit the company. Certification of the ISMS according to ISO/IEC 27001:2013 also proves, to customers, users, insurance companies and others, that the level of protection achieved meets the international standard.
Why ISO/IEC 27001:2013 certified ISMS?
- Protection against white-collar crime and unintentional incidents
- Reduction of (IT) risks and resulting damage/costs
- Stabilized, transparently designed IT & business processes
- Improvement of system availability
- Practical, economic system, since measures are always in the context of actual risks
- The international ISO/IEC 27001 standard provides recognised proof towards third parties (customers, users, insurance companies, authorities, etc.)
ISMS in 5 steps
The basic prerequisite for a functioning system is full acceptance by company management and the sensitisation (awareness) of all parties involved.
1. Basis – Scope of application
What should the ISMS do, and which corporate assets should be protected? Where are the boundaries of the ISMS and which interfaces exist? Which processes are excluded and why?
Determination of the assets and areas to be protected and the resulting complexity of the ISMS
2. Risk identification and assessment
What are the risks and threats within the scope? How can risks be treated (reduced, transferred, avoided), and which risks remain acceptable and why?
Company-specific risk identification, evaluation and assessment according to scope, and assignment of responsibilities
3. Measures and documentation
What measures are necessary to reduce or eliminate the relevant risks? What is the exact aim of each measure? How are the measures implemented, and how is implementation reviewed through audits? Who is responsible?
Definition, implementation and monitoring of measures for risk containment and avoidance
4. Review and further development
How is the effectiveness of the measures continuously monitored? Which processes and monitoring measures are necessary for this? Are there new threats, and how will they be dealt with?
Ongoing review and adjustment of the measures in response to new or changed risks in the company or area of application (continuous improvement process)
5. Awareness - Living the system
What must be done to ensure that all parties involved accept the ISMS and correctly apply and comply with its rules and measures? Which training courses are necessary, and how often?
ISMS as an integral part of the company philosophy, including regular employee sensitisation and training
Continuous improvement process
Lean ISMS implementation
Benefit from LOGSOL's experience from its own ISO/IEC 27001:2013 certification process.
Our information security experts also support you with your ISMS project and its lean implementation: