ISO 27001:2013 Advisory & Certification


ISO/IEC 27001:2013 – INFORMATION SECURITY MANAGEMENT SYSTEM

An Information Security Management System (ISMS) is a systematic approach to handling sensitive information, whether it is processed or stored in electronic or physical form.

ISO/IEC 27001:2013 is designed so that an organization of any size and in any industry can benefit from the standard.

The principle behind ISO 27001 is that an organization should develop and implement a set of policies and procedures that streamline organizational processes while reducing information security risks to levels that are acceptable and appropriate to the business.

MANDATORY REQUIREMENTS OF ISO/IEC 27001:2013

  • Context of the Organization
    • Understanding the organization and its context
    • Understanding the needs and expectations of interested parties
    • Determining the scope of the information security management system
    • Information security management system
  • Leadership
    • Leadership and management
    • Policy
    • Organizational roles, responsibilities and authorities
  • Planning
    • Actions to address risks and opportunities
    • Information security objectives and planning to achieve them
  • Support
    • Resource
    • Competence
    • Awareness
    • Communication
    • Documented Information
  • Operation
    • Operational planning and control
    • Information security risk assessment
    • Information security risk treatment
  • Performance Evaluation
    • Monitoring, measurement, analysis and evaluation
    • Internal audit
    • Management review
  • Improvement
    • Non-conformity and corrective action
    • Continual improvement

We help organizations with our 6-step approach to the successful implementation of ISO/IEC 27001:2013:


For more information write to us: