Yogesh Pawar
CTO
TechnoSysCon
Shree Nathji Heights,
Plot No.- 72,
Behind Chikhli Telephone Exchange,
C.D.C. Purnanagar, Chinchwad, Pune. PIN - 411019
Telefax - +91 20 2749 0009
Mobile - 09423005866
info@technosyscon.com
ISO 27001:2005 Consultants in Pune, India

ISO 27001:2005 - Information Security Management System
ISO 27001 is the formal standard against which organizations may seek independent certification of their Information Security Management Systems (ISMS), meaning their frameworks to design, implement, manage, maintain and enforce information security processes and controls systematically and consistently throughout the organization.

The standard covers all types of organizations (e.g. commercial enterprises, government agencies and non-profit organizations). It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall risk management processes. It also specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

ISO 27001 provides an ISMS model for adequate and proportionate security controls to protect information assets and give confidence to interested parties.

According to SC27, the ISO committee responsible for the ISO/IEC 27000 series and related standards, ISO 27001 "is intended to be suitable for several different types of use, including:
• Use within organisations to formulate security requirements and objectives;
• Use within organisations as a way to ensure that security risks are cost-effectively managed;
• Use within organisations to ensure compliance with laws and regulations;
• Use within an organisation as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organisation are met;
• The definition of new information security management processes;
• Identification and clarification of existing information security management processes;
• Use by the management of organisations to determine the status of information security management activities;
• Use by the internal and external auditors of organisations to demonstrate the information security policies, directives and standards adopted by an organisation and determine the degree of compliance with those policies, directives and standards;
• Use by organisations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organisations that they interact with for operational or commercial reasons;
• Implementation of a business enabling information security; and
• Use by organisations to provide relevant information about information security to customers."
The information security controls from ISO 17799:2005 are noted in an appendix to ISO 27001, rather like a menu. Organizations adopting ISO 27001 are free to choose whichever specific information security controls are applicable to their particular information security situations, drawing on those listed in the menu and potentially supplementing them with other a la carte options. As with ISO 17799, the key to selecting applicable controls is to undertake a comprehensive assessment of the organization's information security risks.
Who can adopt ISO/IEC 27001:2005?

This standard can be used by any organization, institution or company. It is meant for any company that uses internal or external computer systems, possesses or processes confidential data, depends on information technology to carry out its business activities, or simply wishes to adopt information security.

Organizations such as banks, call centres, IT companies, tax offices, automobile manufacturing companies, consultancy firms, research and development institutions, hospitals, schools, universities, examination boards, and finance and insurance companies need an ISMS in place.