
What is information security?

Information security is the protection of information to ensure:

  • Confidentiality: ensuring that the information is accessible only to those authorized to access it.
  • Integrity: ensuring that the information is accurate and complete and that the information is not modified without authorization.
  • Availability: ensuring that the information is accessible to authorized users when required.

Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organizational structures, and software and hardware functions).

What is an ISMS?

An Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 (BS 7799) is a standard for information security that focuses on an organization’s ISMS. Other standards for information security are much more specific and have a different focus:

  • IT systems (FISMA and ISO 13335-2)
  • Product (Common Criteria, ISO 15408, FIPS 140-2)

Why should I certify my ISMS?

Certification of a management system brings several advantages. It gives an independent assessment of your organization’s conformity to an international standard that contains expert best practices for an ISMS. A certified ISMS does not guarantee compliance with legislation and local policies, but it provides a systematic platform to build on.

What are the main concepts of ISO/IEC 27001 (BS7799)?

  • All activities must follow a method. The method is arbitrary but must be well defined and documented.
  • The standard requires a company to specify its own security goals. An auditor will verify whether these requirements are fulfilled.
  • All security measures shall be the result of a risk analysis.
  • The standard offers a set of security controls. It is up to the organization to choose which controls to implement based on the specific needs of their business.
  • A process must ensure the continuous verification of all elements of the security system through audits and reviews.
  • A process must ensure the continuous improvement of all elements of the security system.

What is the Certification Process?

1. Assess whether your ISMS is ready for certification.

  • Is your ISMS conformant with the standard?
  • Do you need to do work to get it ready?

2. Identify an accredited certification body (CB).

  • Agree and sign a contract with the CB (generally this is a three-year commitment).
  • Agree on the schedule.

3. Go through the audit process:

  • Stage 1 audit (also known as a desktop audit). Here the CB examines the mandatory ISMS documentation.
  • Take action on the results of the stage 1 audit.
  • Stage 2 audit (on-site audit). Here your CB sends an audit team to examine your implementation of the ISMS.
  • Address audit findings and agree on a surveillance audit schedule.

4. When your ISMS is found to be conformant, the CB recommends to its validating committee that the ISMS is compliant with the standard, and if the validation committee agrees, it issues the certificate. (Depending on the organization, this can take a few weeks to several months.)

5. Go through the surveillance audits as scheduled with the CB.

6. Keep your CB informed of any significant changes affecting your ISMS.

7. Re-certify after three years.

How long is a certificate valid?

The maximum term of validity is three years.

Copyright © 2007 BMS Certification Private Limited. All rights reserved