  ISO 27001 – Information Security Management System (ISMS)
 
 
What is Information?
Information is an asset that is essential to an organization’s business and needs to be protected. Protection is vital in the increasingly interconnected business environment. Interconnectivity exposes information to a growing number and wider variety of threats and vulnerabilities. Information takes many forms: printed, written, stored electronically, transmitted by post or email, etc.
 
 
 
   
  What is Information Security?
   
 

Information security is the protection of information to ensure:

• Confidentiality: ensuring that the information is accessible only to those authorized to access it.
• Integrity: ensuring that the information is accurate and complete and that the information is not modified without authorization.
• Availability: ensuring that the information is accessible to authorized users when required.

Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organizational structures, and software and hardware functions).

Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Information security is achieved by implementing a suitable set of controls, policies, processes, procedures, organizational structures, and software and hardware functions to ensure that the specific security and business objectives are met.
   
  What is Information Security Management System (ISMS)?
   
An Information Security Management System (ISMS) is a way to protect and manage information based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security.

ISO/IEC publishes two standards that focus on an organization’s ISMS:

• The code of practice standard: ISO/IEC 27002. This standard can be used as a starting point for developing an ISMS. It provides guidance for planning and implementing a program to protect information assets. It also provides a list of controls (safeguards) that you can consider implementing as part of your ISMS.
• The management system standard: ISO/IEC 27001. This standard is the specification for an ISMS. It explains how to apply ISO/IEC 27002 (ISO/IEC 17799). It provides the standard against which certification is performed, including a list of required documents. An organization that seeks certification of its ISMS is examined against this standard.

   
 