Information Security Management System
ISO 27001 is a specification for the management of information security. It applies to all sectors of industry and is not confined to information held on computers. Information may be printed or written on paper, stored electronically, transmitted by post or email, shown on film, or spoken in conversation. Whatever form the information takes, and whatever means are used to share or store it, the ISO 27001 standard gives an organization a systematic approach to ensuring that the information is always appropriately protected.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks, tailored to the needs of the organization.
The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
An effective information security management system based on ISO 27001 is one of the greatest needs of organizations. All data needs to be stored safely and accessed only by authorized personnel. An organization that manages its data well boosts its customers' confidence in it. The ISO 27001:2013 documentation toolkit contains an ISMS manual, procedures, SOPs, forms, a quality plan and an ISO 27001 audit checklist in an editable format.
ISO 27001 uses a top-down, risk-based approach and is technology-neutral. The specification defines a six-part planning process:
1. Define a security policy.
2. Define the scope of the ISMS.
3. Conduct a risk assessment.
4. Manage identified risks.
5. Select control objectives and controls to be implemented.
6. Prepare a statement of applicability.
Documents required for ISO 27001
All documents should be self-attested.
1. Personal PAN card copy.
2. Aadhaar card copy.
3. Company registration copy, incorporation certificate or electricity bill.
4. Scope of work on company letterhead (with any one director).
5. Scope of the ISMS (Information Security Management System).
6. Information security policy and objectives.
7. Risk assessment and risk treatment methodology.
8. Risk assessment report.
9. Definition of security roles and responsibilities.
10. Inventory of assets.
11. Business continuity procedures.