'Security Awareness - the key to YOUR success'


ISMS & ISO 27001


As with all management processes and systems, an ISMS (Information Security Management System) shall remain effective and efficient in the long run. This means an organisation & its ISMS need to adapt to internal and external changes.

 

ISO 27001:2005 therefore incorporates the 'Plan-Do-Check-Act' (PDCA) Cycle.

 

  • The 'PLAN' phase is about designing the ISMS by considering assessed security risks & applying selected / appropriate controls.
  • The 'DO' phase involves implementing and operating selected controls.
  • The 'CHECK' phase measures the effectiveness & efficiency of the ISMS & its controls.
  • The 'ACT' phase maintains the effectiveness & efficiency of the ISMS by incorporating necessary changes.

ISO 27001 is in general a risk-based information security standard. This means organisations need to have a Risk Management Process and/or Methodology in place. This process fits into the PDCA cycle shown above, but under the 2013 standard the PDCA cycle is no longer mandatory; the ISMS user is free to use any management process improvement approach such as Six Sigma or PDCA.



BENEFITS


Benefits of implementing International Standards are:

 

1. Lower costs

- Implement preventive measures & avoid incidents

- Identify, mitigate and eliminate risks

- Eliminate inefficient processes

- Align processes & reduce workload

 

2. Market edge & Lead generation

Enhance your image & create another USP, especially when dealing with new customers.

    

3. Quality Assurance

Assure management of the quality of a system, business unit or entity by applying recognized frameworks.

 

4. Ensure Compliance

Be most efficient with regard to complying with regulatory requirements. This is a very quick 'Return on Investment' you can get.

 

5. Alignment

The implementation of standards often requires an involvement of technical and business parties, with the goal to ensure alignment. This helps to make processes & Management Systems more efficient.

 

6. Benchmark

Standards can be used to measure your status internally and against competitors.

 

7. Awareness

Implementation of standards often helps to increase security awareness within your own organisation & therefore avoid incidents and extra costs.