ISO 27001 Information Security Management System

Information (regardless of the medium on which it is stored) is critical to an Organization's decision-making process and can even make the difference to its survival. The current state of technological development means that information systems now support the implementation of most business processes. Easy access to information, unfortunately, also brings a number of risks, including the obvious one: data theft. Others can arise from unauthorized modification or destruction of information. Current practice means that information security is not limited to IT and physical security; it also involves thorough training of staff about the potential hazards, the preparation of appropriately formulated supplier contracts that take information security issues into consideration, and formal, tested business continuity plans.
The international standard ISO/IEC 27001 is an Information Security Management System (ISMS) standard specifying the requirements and objectives that can be applied in order to establish such a system.
What does the standard ISO 27001:2005 involve?
Although most Organizations have security measures in place to protect information, without an ISMS these measures are often chaotic, because they have been introduced as problem-specific solutions and apply only to certain aspects of Information Technology. In most cases assets such as documentation, knowledge, key human resources, etc. are not included.
The standard consists of two parts: general requirements and annexes. The general requirements in this standard define the basis for the establishment and management of an ISMS, including the required documentation, management responsibilities, ISMS internal audits, and the need for management reviews and continuous improvement. All the requirements defined in this part of the standard must be met. The ISMS is established and maintained by determining an appropriate methodology and performing a risk analysis.
Annex A of ISO/IEC 27001 identifies eleven areas affecting information security in organizations that must be considered. The methodology for securing these areas depends on the Organization and should be based on an Organization-specific risk assessment. The areas that need to be taken into consideration are:
1. Security policy;
2. Information security organization;
3. Asset management;
4. Assurance of human resources;
5. Physical and environmental security;
6. Systems and network management;
7. Access control;
8. Business continuity management;
9. Acquisition, development and maintenance of information systems;
10. Management of incidents related to information security;
11. Compliance with legal requirements and the Company's own standards.
Benefits associated with the implementation and certification of an Information Security Management System to ISO 27001:2005 include:
- Reduction of the business risks associated with a loss of security,
- Providing credibility for the Organization's approach to information security,
- Providing assurance that the data and information entrusted to the Organization are handled and processed in a secure manner,
- Enabling penetration of new markets and customers, as ISO 27001 paves the way for Organizations to meet information security requirements and so fulfils a prerequisite for initiating co-operation with an increasing number of Clients,
- Obligating the Organization to meet legal requirements,
- Information security management becomes formalized and predictable,
- Increasing the confidence of stakeholders. Our auditors have the appropriate knowledge and skills in information security and other aspects of IT, so their objective assessment can assist in the implementation of industry best practice and hence help to increase confidence in the security of the systems.
- Surveillance audits (required by certification) confirm that the information security management system is appropriately maintained and complies with the standard's requirements.
BPIC CONDUCTS TRAINING AND CERTIFICATION ACCORDING TO ISO 27001:2005.

