RAC ISMS: Establishing and Managing Information Security Management System
The Information Security Management System (ISMS) is a documented system demonstrating that identified information assets are protected, that information security risks are managed, and that security controls are implemented and operated at the required assurance level.
Many organizations for which information and information technologies are a key part of their business processes are deciding how to ensure their security effectively. Solving these issues requires a systematic and comprehensive approach, and the basic guidance for this area is the ISO/IEC 27001 and 27002 standards. Although the two standards are closely linked, each fulfils a different role. ISO/IEC 27002 provides best practices for security controls that can be selected when establishing and managing an ISMS, whereas ISO/IEC 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the documented ISMS. ISMS certification, where pursued, is conducted against the ISO/IEC 27001 requirements.
The team of RAC consultants can assist you in every step of establishing and managing an ISMS, including preparation for ISMS certification:
- Analysis of the organization's current environment and information security status
- Determination of ISMS scope and ISMS policy design
- Proposal of the information security organization and its related roles and responsibilities
- Design of the documentation structure and "made-to-order" documentation
- Conducting risk analysis and evaluation
- Selecting controls for risk treatment
- Preparing the Statement of Applicability
- Developing information security controls implementation plans
- Training of personnel, auditors and information security managers
- Procedures for information security incident management
- Establishment and implementation of the business continuity planning process
- Setting up the process of measuring the effectiveness of ISMS
- Preparing management review of ISMS
- Support for internal ISMS audits or ISMS pre-certification audits, including proposals for corrective and preventive actions
Main reasons for establishing and managing ISMS
- Information is a key part of the organization's business processes
- The organization has never addressed information security systematically before
- Management requires an effective, systematic approach to ensuring information security within the organization
- The organization does not have its own skilled personnel available for establishing or managing the ISMS
- Prior to ISMS certification, the organization wants third-party assurance that its implemented ISMS complies with the requirements of the ISO/IEC 27001:2005 standard
ISMS Deliverables
- Effective and efficient information security risk management
- Significantly more effective investment in achieving the desired information security level, based on knowledge of the risks
- The alignment of information security requirements with business objectives and goals
- Competitive advantage through information security assurance - "a ticket for business"
- Boosting the organization’s credibility for its partners and clients, protection of its reputation and established brand
- A process approach to managing the organization's information security, its continual improvement, and the improvement of the organization's management processes
- Increased information security awareness across the organization
- Effective management of information security incidents
- Preparedness for emergency events through business continuity planning
For further information contact us: +420 221 628 400 or rac@rac.cz