iso 27001 consultant pune india




ISO 27001:2005 Consultants In Pune India

ISO 27001:2005 - Information Security Management System

ISO 27001 is the formal standard against which organizations may seek independent certification of their Information Security Management Systems (meaning their frameworks to design, implement, manage, maintain and enforce information security processes and controls systematically and consistently throughout the organizations).
The standard covers all types of organizations (e.g. commercial enterprises, government agencies and non-profit organizations). It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall risk management processes. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
 ISO 27001 provides an ISMS model for adequate and proportionate security controls to protect information assets and give confidence to interested parties.
According to SC27, the ISO committee responsible for the ISO/IEC 27000 series and related standards, ISO 27001 is intended to be suitable for several different types of use, including:

Use within organisations to formulate security requirements and objectives;
Use within organisations as a way to ensure that security risks are cost-effectively managed;
Use within organisations to ensure compliance with laws and regulations;
Use within an organisation as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organisation are met;
The definition of new information security management processes;
Identification and clarification of existing information security management processes;
Use by the management of organisations to determine the status of information security management activities;
Use by the internal and external auditors of organisations to demonstrate the information security policies, directives and standards adopted by an organisation and determine the degree of compliance with those policies, directives and standards;
Use by organisations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organisations that they interact with for operational or commercial reasons;
Implementation of business-enabling information security; and
Use by organisations to provide relevant information about information security to customers.
The information security controls from ISO 17799:2005 are noted in an appendix to ISO 27001, rather like a menu. Organizations adopting ISO 27001 are free to choose whichever specific information security controls are applicable to their particular information security situations, drawing on those listed in the menu and potentially supplementing them with other a la carte options. As with ISO 17799, the key to selecting applicable controls is to undertake a comprehensive assessment of the organization's information security risks.

Who can adopt ISO/IEC 27001:2005?

This standard can be used by any organization, institution or company. The standard is meant for any company that uses internal or external computer systems, possesses or processes confidential data, depends on information technology to carry out its business activities, or simply wishes to adopt information security.

Organizations like banks, call centres, IT companies, tax offices, automobile manufacturing companies, consultancy firms, research and development institutions, hospitals, schools, universities, examination boards, and finance and insurance companies need an ISMS in place.