ISO 27001

Companies are becoming increasingly dependent on data in business operations. Imagine what happens if all the data from the estimating system of the last few months is suddenly gone; there is no access to email and you can only be reached by phone. Nowadays, the impact of data loss is great, yet relatively little is done to reduce the risks. "The chance is small" or "that's never happened to me before" are common arguments for not doing anything yet.

This Information Security Management System protects your company's information from a wide range of threats to ensure business continuity and minimize business risks. The Service Center can support you in building and implementing your own "Information Security Management System," or ISMS.

Our approach

  • Determine the current status of information security;
  • Adopt an information security policy;
  • Conduct a Business Risk Analysis (BRA) and prepare an information classification and risk profile;
  • Elaborate the measures to be taken based on Annex A of the ISO 27001 standard;
  • Determine priorities and establish them in a Basic Security Level (BBN);
  • Implement the technical and organizational measures;
  • Introduce action plans, consultations, incident registers, management review and internal audit;
  • Result: a Statement of Applicability and certification conducted by an independent certifying body.

Custom

From our broad experience in implementing ISO 27001, we have compiled the above methodology. The in-house consultants at the Service Center will help you in this customized process using the blueprint material we have developed:

Enter

Your consultant will guide you through the process of setting up your ISO 27001 information security system. You will be assured of a system that meets the standard requirements while being specifically tailored to your business. Through the clever use of blueprint materials, combined with your own company information, you will have a certifiable ISO 27001 system in no time.

Maintain

After setting up the information security system, it is important to keep your system continuously updated. Your in-house consultant helps you implement the technical and organizational measures, the action plans, consultation forms, incident registers and the management review, and conducts the internal audit.

Conducting audit

Periodically performing internal controls (internal audits) is an essential part of an ISO system. This way, the functioning of your information security system is measured and timely improvement actions are identified. Organizing internal audits is the best stepping stone to certification.

Certify

You obtain the certificate after a positive external audit conducted by a certifying body. We can guide you through the external audit and thus help you obtain ISO 27001 certification.