|
Version 4.0 - Copyright (R) 2009-2010 ISOXPERT. All Rights Reserved Powered By: ISO-Xpert |
|
Registered with Ministry of Science & Technology & National Productivity Organization of Govt. Pakistan |
|
Management & IT Consultants |
|
ISO-Xpert |
|
Management & IT Consultants |
|
Mailing Address: D-32, Block-7, Gulshan-e-Iqbal, Karachi-75300 Pakistan. |
|
Partners in problem solving… |
|
Phone: 021– 34973151, 021– 34815995 Fax: 92-021– 34973150 Email: URL: |
|
An Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 (BS 7799) is a standard for information security that focuses on an organizations ISMS. Why Select ISO-Xpert Management & IT Consultants as your ISO 27001:2005 ISMS Consulting Partner? · We have strong team of experts having huge international experience and exposure in ISO 27001:2005 ISMS consulting, implementation and training. · Consultants at ISO-Xpert Management & IT Consultants are technical and management graduates/post graduates, ISO 9000 Lead Auditors and ISO 27001 Lead Auditors . With diversified knowledgebase, we can provide highly optimal solutions to your information security management system requirements. · Our consultants have extensive invaluable hands-on experience of working under various roles and capacities in IT industry. They offer practical and pragmatic solutions.
Achieving ISO 27001 with ISO-Xpert Management & IT Consultants.
ISO-Xpert Management & IT Consultants offers expert consulting services for effective implementation of ISO 27001. ▪ Project Scoping: Properly scoping a ISO27001 project is an essential first step in any compliance initiative. Our consultants help you identify the business processes critical to your organization and which would be best targeted for initial compliance to the world-wide recognized Standard. ▪ Gap Identification: Gap analysis is the next step where our consultants develop a comprehensive report identifying the work required to become compliant as well as an action plan that includes prioritized actions for security improvement. ▪ Risk Assessment: Risk assessment is a mandatory component of ISO27001 and we help you analyze the levels of information security risk inherent in your business processes. Assessments can be performed. ▪ Process Improvement: Our consultants provide whatever level of support you need to implement the required security improvements and are able to suggest practical solutions in each of the different areas of the Standard. ▪ Preparing for Certification: Our consultants will explain both the benefits and the relatively minor, additional costs involved in certification. ISO-Xpert Management & IT Consultants can prepare you for certification and help you implement any final changes necessary to your ISMS. Finally, we can assist during the audit process itself by dealing with a certification body on your behalf and addressing any audit observations that arise.
Steps for implementing ISO 27001:2005 1. Define an information security policy 2. Define scope of the information security management system 3. Perform a security risk assessment 4. Manage the identified risk 5. Select controls to be implemented and applied 6. Prepare an SOA (a "statement of applicability"). |
|
What is an ISO 27001:2005 Information Security Management System (ISMS)? |
