What is ISO 27001?
ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS). Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.
An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.
ISO/IEC 27001 requires that management:
- Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.
Implementing an information security management system provides an organisation with a system that helps to eliminate or minimise the risk of a security breach that could have legal or business continuity implications.
An effective ISO 27001 information security management system (ISMS) provides a management framework of policies and procedures that will keep information secure, whatever its format.
Following a series of high-profile cases, it has proven to be very damaging to an organisation if information gets into the wrong hands or into the public domain. By establishing and maintaining a documented system of controls and management, risks can be identified and reduced.
BENEFITS of ISO 27001
- Protected information from getting into unauthorised hands
- Ensured information is accurate and can only be modified by authorised users
- Assessed the risks and mitigated the impact of a breach
- Been independently assessed to an international standard based on industry best practices
- Increased reliability and security of systems and information
- Improved customer and business partner confidence
- Increased business resilience
- Alignment with customer requirements
- Improved management processes and integration with corporate risk strategies
- Mars Consultants shall appoint a consultant who shall be responsible for the quality and effective implementation of the system
- Mars Consultants shall provide visits based on the need and status of the system
- Mars Consultants will communicate the date of our consultant's visit to the client by sending an SMS at the end of every week
- Mars Consultants shall provide a detailed Visit report / Gap Analysis report for every visit
- All activities shall be completed as per the target dates set during the consultants' visits
Our Scope of Consultancy:
ISO 27001 Gap analysis
We conduct a 360-degree appraisal of your organization's current systems and operations to identify gaps between the current management system and the requirements of the particular ISO standard. On the basis of the gap analysis, an implementation plan is prepared.
ISO 27001 Training
We provide one of the most complete suites of training for various ISO standards, covering awareness training, documentation training, implementation training and internal auditor training.
- Awareness Training
- Detailed training (as required by the organization)
- Internal auditors training
ISO 27001 System Establishment
We assist the organization in establishing systems in line with the requirements of the standard and of the organization. We establish the following as a minimum:
- Quality Policy & Objectives
- Organization chart
- Roles, Responsibilities and authorities
- Defining measures of performance for all processes (departments)
- Apex Manual and procedures as required by the standard and the organization
- Assist in establishing SOPs / Work Instructions / flow charts and records
- Control of documents
- Control of records
- Management review
- Competence, awareness, and training
- Work environment
- Multidisciplinary approach
- Continual improvement of the organization
- Corrective action
- Preventive action
We assist in the effective implementation of these documents to ensure that an effective and fully compliant management system is implemented in the organization. This involves one-to-one coaching / mentoring or group / departmental training. During implementation, the systems are amended as required to ensure that they are practicable and approachable for all personnel.
Conducting Internal audit
We ensure that the first internal audit is conducted by your team under our supervision, or else we can conduct the internal audit for your organization. We make sure that the internal audit process becomes a value-adding activity and not just a routine process.
Assistance in External Body Audit
Our expert ISO consultants will provide input and, if required, on-site assistance, being on site with you and your team at the time of the audit to create the required level of comfort and confidence for your organization. We make sure that the stage 1 and stage 2 audit processes are completed easily and smoothly. If required, we provide post-audit assistance to complete the audit formalities and ensure that you receive the ISO certificate in time. Our ISO consultants provide unique, effective, easy-to-understand, easy-to-implement and quick ISO implementation solutions, so that the ISO certification process does not become a resource drain but rather a resource enhancer.