What is an ISMS

The ISMS provides a framework to establish,implement,operate,monitor,review,maintain and improve the information security within an organisation.

The ISMS provides means to manage risks and handle incidents that suit your business activity.

Why do you need an ISMS

Today’s global economy relies heavily on the use of electronic information and information technology. A successful business must have the right information at the right time in order to make well-informed decisions. Not only is information the key to business success but the protection of this information is equally important. The issue of information security concerns organisations of all sizes and from all sectors, with an identical problem – their inherent vulnerability. No matter how secure and well protected an organisation appears to be, the risk of sensitive information being leaked out is always present. All types of information, whether paper-based or on a computer disk, is at risk Compromising on the confidentiality, integrity and availability of an organisation’s information assets may have adverse effects, including the risk of financial losses.

Benefits

Major components

The Certification Process

MS ISO/IEC 27001 - The Information Security Management System (ISMS)

This standard was adopted to address the topic of information security management. The ISMS provides a framework to initiate, implement, maintain and manage information security within any organisation.

MS ISO/IEC 27002 - Code of Practice for Information Security Management

This is a standard code of practice which contains guidelines to be followed to set up and implement the ISMS. It can be regarded as a comprehensive catalogue of good security things to do.