ISO/IEC 27001 specifies the requirements for organizations that want to establish, implement, maintain and continually improve an information security management system (ISMS). The standard gives you a structured way to review the security of your information on an ongoing basis, which demonstrates reliability to customers and adds value to your organization's services.

ISO/IEC 27001 and its supporting code of practice, ISO/IEC 27002 (formerly ISO/IEC 17799), in their 2005 editions detail 133 security controls, organized into 11 sections and 39 control objectives. These sections specify best practices for:
  • Security policy
  • Security organization
  • Asset classification and control
  • Personnel security
  • Physical and environmental security
  • Communication and operations management
  • System access control
  • System acquisition, development and maintenance
  • Information security incident management
  • Business continuity planning
  • Compliance

Why is ISO 27001 important to you?

Organisations that had individuals certified against ISO/IEC 27001 involved in their business processes reported the following:

  • 52% characterize certifying to ISO/IEC 27001 as "an investment that is fully justified by the benefits"
  • 69% certified to improve their information security posture
  • 56% certified to gain a competitive advantage
  • 55% certified to ensure legal and regulatory compliance

Our Process

ISO 27001 requires a company to establish, implement and maintain a continual improvement approach to managing its ISMS (Information Security Management System). As with other ISO management system standards, ISO 27001 follows the plan-do-check-act (PDCA) cycle, and so does our implementation process, as shown below.

PDCA Cycle and Respective Implementation

Plan

  1. Identify business objectives.
  2. Obtain management support.
  3. Select the proper scope of implementation.
  4. Define a risk assessment methodology.
  5. Prepare an inventory of the information assets to protect, and rank the assets according to the risk classification produced by the risk assessment.

Do

  1. Manage the risks, and create a risk treatment plan.
  2. Set up policies and procedures to control risks.
  3. Allocate resources, and train the staff.

Check

  1. Monitor the implementation of the ISMS.
  2. Prepare for the certification audit.

Act

  1. Conduct periodic reassessment audits:
    • Continual improvement
    • Corrective action
    • Preventive action

General Data Protection Regulation

The EU’s GDPR is a regulation intended to harmonize data protection and data privacy law across the member states of the European Union. It was adopted on April 27, 2016 and has been enforceable since May 25, 2018.

The GDPR replaces the 28 separate national implementations of the EU’s 1995 Data Protection Directive with a single, updated data protection regulation that applies directly in every EU member state.

The GDPR is enforced by each member state’s data protection authority (DPA), and it imposes strict penalties on organizations that fail to comply.

Why is GDPR important for you?

For violations of most technical and organizational obligations, fines of up to 2 percent of global annual turnover or €10 million, whichever is higher.

For violations of the basic principles of the regulation, and under aggravating circumstances such as failure to comply with a data protection authority’s instructions, repeat violations, or unauthorized international data transfers, a higher penalty of up to 4 percent of global annual turnover or €20 million, whichever is higher, can be levied.

Our Process

Our GDPR engagement runs through five phases, assess, design, implement, maintain and conform, as shown below.

Assess

Assess your current data privacy posture under all of the GDPR provisions. Discover where protected information is located in your enterprise.

Design

Develop a GDPR roadmap and implementation plan. Use the findings of the assess phase to define next-step activities and help reduce risk in the enterprise.

Implement

Implement and execute the controls in your GDPR strategy, including policies, programs and technologies. Transform the enterprise to be GDPR-ready.

Maintain

Manage your GDPR governance practices through GDPR-specific metrics. Understand how the enterprise is mitigating risks. Begin executive-level and board reporting.

Conform

Enhance and refine your GDPR practices, identifying areas of concern and addressing them as necessary. Effectively manage your controller/processor relationships and verify that the associated technical and organizational measures (TOMs) are being followed.