An Information Security Management System (ISMS) protects the confidentiality, integrity and availability of all assets that store, process or transmit information within an organization.
Implementing an ISMS according to ISO/CEI 27001:2006 provides long-term security through policies, procedures and security methods designed to protect the organization's information and resources. A functional and effective ISMS leads to a significant reduction of risk, thereby meeting the operational requirements of the organization, the expectations of its clients and the applicable legal requirements.
By identifying the security controls, which are the starting point of information security, the ISMS serves as a basic tool for any organization that chooses to protect its information, regardless of its size, field of activity or sector (public or private).
ISO/CEI 27001:2006 is aligned with ISO 9001, ISO 14001 and ISO 20000; the management systems can therefore be documented and implemented in an integrated manner, significantly reducing the costs of implementation and/or of conformity certification.
In short, ISO/CEI 27001:2006:
- contains 11 clauses of control requirements, with a total of 39 control objectives covering 133 controls (listed in Annex A, which is normative);
- is a management standard, not a technical one;
- describes the requirements for an information security management system;
- is neutral from a technological perspective;
- is applicable to all categories of organizations;
- is also suitable for small organizations.
To design, document and implement this type of system in your organization, ACTA delivers the following services on request:
- Diagnostic audit:
  - audit of the organization's processes;
  - evaluation of the information system;
  - testing of the information system;
  - status report and recommendations;
- System design and documentation (policies, procedures, manual, forms and instructions);
- Business continuity and disaster recovery plan;
- Implementation (internal communication, training);
- Periodic internal audit;
- Penetration tests (social engineering, ethical hacking, etc.);
- Support in preparing for the certification audit.