Information Security Management System (ISMS)
An Information Security Management System (ISMS) is a management system that helps companies manage day-to-day information security issues in a systematic way.
The ISO/IEC 27001 standard specifies the requirements needed to implement an effective Information Security Management System (ISMS) in an organization. The organization is assessed and registered based on the specifications.
ISO/IEC 27002 (ISO/IEC 17799:2005) takes the form of guidance notes and recommendations for initiating, implementing and maintaining information security in an organization. It contains over 100 security controls to help companies identify elements of the business that impact information security.
Since Nov 2001, TÜV SÜD PSB has awarded ISMS certification to numerous companies.
The information security best practices are organized into the 11 domains, or sections, listed below; the certification process typically involves 6 steps.
1. Security policy
2. Organization of information security
3. Asset management
4. Human resources security
5. Physical and environmental security
6. Communications and operations management
7. Access control
8. Information acquisition, development and maintenance
9. Information security incident management
10. Business continuity management
11. Compliance
Steps to achieve ISMS Certification
- Develop an information security policy and identify your organization's key information assets. Study the standards ISO/IEC 27001 and ISO/IEC 27002 (ISO/IEC 17799:2005) to understand the requirements.
- Carry out a risk assessment, then document and implement your ISMS. Staff training will be critical to a successful implementation.
- Conduct an internal audit and a management review to assess the effectiveness of your ISMS.
- Once the management system is fully implemented and in place, you can get your ISMS certification from TÜV SÜD PSB.
- The TÜV SÜD PSB audit team conducts an assessment against the standard BS 7799 Part 2, covering a desktop assessment of the ISMS framework documentation, a preliminary assessment and a certification assessment.
Your advantages:
- We provide objective recommendations for ongoing continuous improvement.
- We focus on the effectiveness of the system and its practicality in the local environment.
- We are a highly professional, independent, impartial and unbiased certification body.
- We have a qualified and experienced pool of auditors around the ASEAN region.
- The TÜV SÜD PSB certificate is recognized and accepted internationally.
"The management understands the importance of impartiality in our certification of management systems. We will use all reasonable efforts to manage all possible conflicts of interest and ensure objectivity of our certification services".