What is an ISMS
The ISMS provides a framework to establish, implement, operate, monitor, review, maintain and improve information security within an organisation.
The ISMS provides the means to manage risks and handle incidents in a way that suits your business activity.
Why do you need an ISMS
Today’s global economy relies heavily on the use of electronic information and information technology. A successful business must have the right information at the right time in order to make well-informed decisions. Not only is information the key to business success, but the protection of this information is equally important. The issue of information security concerns organisations of all sizes and from all sectors, which share an identical problem: their inherent vulnerability. No matter how secure and well protected an organisation appears to be, the risk of sensitive information being leaked is always present. All types of information, whether paper-based or on a computer disk, are at risk. Compromising the confidentiality, integrity and availability of an organisation’s information assets may have adverse effects, including the risk of financial losses.
Standards
MS ISO/IEC 27001 - Information Technology – Security Techniques - Information Security Management System
This standard was adopted to address the topic of information security management. The ISMS provides a framework to initiate, implement, maintain and manage information security within an organisation. It also preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
MS ISO/IEC 27002 - Information Technology – Security Techniques - Code of Practice for Information Security Management
This standard is designed for organisations to use as a reference for selecting controls within the process of implementing an Information Security Management System based on ISO/IEC 27001, or as a guidance document for organisations implementing commonly accepted information security controls. It can be regarded as a comprehensive catalogue of good security practices.
Both standards are on sale at the Mauritius Standards Bureau.
Certification Process of ISMS
Certification
1. Set up the ISMS as per the guidelines set by ISO/IEC 27002.
2. Apply for certification to MSB.
3. Free awareness for the organisation's staff on ISO/IEC 27001.
4. Documentation review and evaluation of the client's readiness.
5. Implementation audit and evaluation of the effectiveness of the client's systems.
6. Lead Auditor's recommendation to certify.
7. Certificate issued by the certification/registration body.
Surveillance
1. Periodic review audits.
2. Reassessment after three years.