ISMS (ISO 27001)
Information Security Management System
Information has become the commodity of our time. How an organization manages the creation, processing, storage and distribution of information is essential to its survival, so the protection and security of information has moved into the focus of top management. The management of many organizations now recognizes information security as one of the priorities of the organization's management system.
- Do you want to improve the quality of your information security?
- Do you want to be competitive when providing outsourcing while optimizing the cost of your information security?
- Do you want to be a more trusted partner to your customers?
Versa Systems, a consulting firm and system integrator in the field of business consulting services, offers you expert assistance with the implementation of an information security management system: ISMSPaket. We will help you tailor an information security management system exactly to your company's needs, based on internationally recognized standards and best practices.
We offer you information security solutions in the following areas:
- implementation of an information security management system as a whole and preparation for certification according to ISO/IEC 27001
- implementation of a risk management system in accordance with EU legislation and international standards (ISO/IEC 27005, ISO 31000, etc.)
- implementation of a business continuity management system (BCMS) in accordance with international standards and legislation (e.g. ISO 22301)
- implementation of information security according to specific sector requirements, such as PCI DSS, SAS 70, etc.
- execution of risk analysis, once or repeatedly, based on our proven methodologies and tools
- execution of security and due diligence audits according to a chosen international standard, legislation or the customer's own requirements
- implementation of an information classification scheme and of a system for the protection of sensitive data (DLP)
- creation and implementation of emergency plans and business continuity plans (e.g. according to ISO/IEC 24762, ISO/IEC 27013, etc.)
- penetration testing and vulnerability assessment in accordance with internationally recognized standards and methodologies (PCI DSS, OWASP, OSSTMM, etc.)
What is ISMSPaket?
ISMSPaket takes the implementation of an information security management system to a qualitatively higher level. An ISMS implemented in this way gives your customers proof of the level of information security you provide, measured against international standards.
Implementation of ISMSPaket is a precondition for successful certification of the information security management system against the international standard ISO/IEC 27001, the criteria of PCI DSS, etc. Our consulting services are based on a quality management process but also take the customer's conditions into account. Implementation is always run as a project with several basic milestones. The essential starting point of every ISMS implementation project is a so-called situational analysis of the ISMS. Its aim is to evaluate the status of the ISMS within the organization, including the status of process management with respect to current legislation, standards (e.g. ISO/IEC 27001, ISO/IEC 27011, ISO/IEC 27099, etc.) or criteria such as PCI DSS, SAS 70, etc.
Based on the results of the analysis we propose a schedule of the work that needs to be completed for successful implementation of all processes according to the standards above and for subsequent certification. Part of the implementation is the design of a process model for information security management, including identification of the links between processes, creation of the necessary documentation, and our assistance during the implementation, measurement and analysis of the individual processes in practice according to the CMM (Capability Maturity Model).
What does ISMSPaket offer?
- Implementation of an information security management system at a higher quality level according to the chosen standard or norm (e.g. ISO/IEC 27001, PCI DSS, etc.), consisting of the following basic steps:
  - analysis of the current status of the information security system, determination of the scope and identification of the customer's requirements
  - creation of the necessary documentation according to legislative, standards and organizational requirements
  - assistance with implementing the individual ISMS processes in the company's practice
  - assistance with internal audits and determination of the degree of compliance with legislative, standard and norm requirements (e.g. ISO/IEC 27001, PCI DSS, etc.) after implementation of all required ISMS processes
  - assistance with preparation for the certification audit and during the audit itself
- Setting up the basic framework of processes according to legislative, norm, standard and organizational requirements (e.g. ISO/IEC 27001, PCI DSS, etc.), in particular:
  - a process management system for information security
  - definition of the ISMS policy, including the ISMS boundaries and scope
  - definition and set-up of risk management within the defined ISMS scope
  - definition and set-up of continuity management
  - assistance with risk analysis and risk assessment, including proposals for the treatment of unacceptable risks
  - assistance in developing risk treatment (reduction) plans
  - assistance in developing the Statement of Applicability
  - assistance in defining and setting up the management of information security incidents and security events
  - assistance in defining metrics and objectives for measuring the effectiveness of the ISMS
- Assistance in defining and implementing ISMS procedures based on the selected security controls according to best practices (e.g. ISO/IEC 27002)
- A guaranteed fixed price for the delivered solution
- An individual approach: our consultants have more than 15 years of experience with the implementation and re-engineering of processes and process management
- Minimal burden on the organization's staff
- Basic training for the organization's employees
Duration and price
- The total time required for these activities depends on the support and cooperation of the customer (access to workplaces, progress of activities according to the approved schedule, etc.)
- Typically an information security management system can be implemented in 4 to 12 months, depending on the complexity of the processes and the size of the organization
- We will prepare a specific price quotation tailored to your company; please contact us!
Benefits of ISMS
- By implementing an ISMS you will better understand the individual processes of information security management, the links between them and the roles involved in those processes
- It will be easier for you to set parameters (metrics) that determine the effectiveness of the individual processes
- Management and reduction of the total cost of security measures, based on the results of risk analysis rather than on "feelings"
- More flexible and faster adaptation to customers' requirements
- More efficient information security operations
- The certificate serves as evidence that the organization has managed, controlled and certified information security management processes corresponding to international standards and best practices
- The certificate gives you a competitive advantage on the market
For whom is ISMS suitable?
- An ISMS is suitable for all organizations that provide and operate services for customers, provide outsourcing, process clients' data, process personal data, etc.
- The basic objective of an ISMS is the protection of the organization's critical assets in terms of their availability, confidentiality and integrity, in order to ensure business continuity
- An ISMS is suitable wherever an organization needs to protect its assets, including information, image, know-how and reputation, against internal and external attackers.
ISMS – based on what?
- An ISMS is a process-oriented platform for information security management that typically builds on two complementary standards, ISO/IEC 27001 and ISO/IEC 27002. ISO/IEC 27001 specifies the minimum requirements an ISMS must meet and is the standard against which certification is performed; ISO/IEC 27002 provides guidance for implementing the security controls.
- Mere compliance with the standard's requirements is not enough for successful implementation and effective operation of an ISMS. The system must also be implemented at the operational level, and the selected security controls must actually be put in place. ISO/IEC 27002 is the standard most commonly used for that.
- Depending on the industry and the field in which the ISMS is deployed, a requirement sometimes arises to implement the ISMS according to other industry standards, such as the PCI DSS criteria, SAS 70, or the standards ISO/IEC 27011 or ISO/IEC 27099.