About ISO 27001-Information Security Management System (ISMS)

An ISO 27001 information security management system helps enterprises and manufacturers manage their information security and serve customer needs in the most apt and efficient manner. It gives the business an edge over others in the competitive business world.

The selection of fool-proof security controls to protect information assets and to instill confidence among customers is the need of the hour for many commercial establishments, government agencies, nonprofit organizations, etc.

ISO 27001 is an information security management standard designed to give organizations a means of presenting clients, partners and regulators with proof that they strictly adhere to an internationally recognized set of information security controls. Its sister document, ISO 17799:2005, describes 133 best practices for information security management, along with implementation advice. Together, these two standards create a certifiable framework for protecting information assets.

An ISO 27001 information security management system produces very positive results in every enterprise and manufacturer: it manages and controls information security while also focusing on customer needs in the most apt and efficient manner, giving the business an edge in a very competitive business world.

The organization must be able to choose appropriate and advanced security tools to continuously protect the company's information assets. This also instills confidence among customers, which is in high demand for many commercial establishments, government agencies, nonprofit organizations, etc.

ISO 27001 certification is handled by Nbiz in a very efficient manner in Dubai, UAE and the GCC.

Improved dependability of system security is ensured through ISO 27001, since the organization can strictly control the systems in place. It can maintain system availability and minimize the risk of vulnerabilities being exploited.

 

Main Highlights

ISO 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) for any organization, regardless of its type, size or nature of business.

The IT department is the main focus of an ISO 27001:2013 implementation in every organization, but the standard also involves areas across the entire organization. The main driver, sponsor and promoter of the change must be the company's management, while IT is mainly responsible for its execution. In addition to management and IT, other departments must be actively involved, as well as suppliers, outsourcing partners and, last but not least, employees, so that the standard is continuously applied within the organization and with third parties.

ISO/IEC 27001 is the only auditable international standard that defines and specifies the requirements for an Information Security Management System (ISMS). The standard is designed to ensure that the selected adequate and proportionate security controls are implemented and maintained throughout the organization at all levels.

The standard offers a business-led approach to best practice for information security management in your organisation.

Brief about the ISO standard

Any identified risks related to an organization's information assets need to be properly addressed with corrective action. Achieving results from an information security perspective requires that risk management cover physical, human and technology threats to any form of information used within the organization.

Organizations benefit from cost-effective and consistent information security by implementing the standard. All divisions and departments within the organization shall be involved in developing their own security guidelines to drive awareness through all levels. The standard gives a consistent approach to security by creating uniform policies that incorporate industry best practices.

ISO 27001 Standards

Establish the context in the following areas during the planning phase:

  • The initiator/driver within the organization for implementing information security, primarily as a business need.
  • The alignment of the ISMS scope and policy, for implementing and maintaining it at all levels within the organization.
  • The methodology/approach to risk management, considering the best practices within this standard.

Risk identification and assessment

  • Identify, analyze and evaluate risks

Managing the risk is performed in the 2nd phase:

  • Identify and evaluate options for managing the risks
  • Select controls and objectives
  • Controls for the treatment and management of risk
  • Statement of applicability

The Monitor and Review phase is the 3rd phase; continual improvement is the key element across the phases above.

Improving the ISMS is the Act phase:

  • Identify improvements to the ISMS and implement them
  • Take appropriate corrective and preventive actions
  • Communicate and consult with management, including top-level management, stakeholders, users, etc.
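The risk identification, risk treatment and statement-of-applicability steps listed above are easier to see as a small worked model. The Python below is an added illustration and is not code from BAS, Nbiz or the ISO standard: the 1-to-5 likelihood and impact scales, the control catalogue with its CTRL-xx identifiers, the reduction each control is assumed to give, the sample risk register and the acceptance threshold of 6 are all constructed assumptions for this demo, not values from the standard.

```python
"""Illustrative ISMS risk assessment and treatment loop.

Constructed example, not BAS or ISO 27001 code: the scoring scale, the
control catalogue, the sample risks and the acceptance threshold are
assumptions made for the demo.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Control:
    description: str
    likelihood_reduction: int   # scale points the control removes from likelihood
    impact_reduction: int       # scale points the control removes from impact


# Constructed control catalogue (hypothetical ids, not Annex A references).
CONTROLS = {
    "CTRL-01": Control("Access control policy with least-privilege account review", 2, 0),
    "CTRL-02": Control("Tested backups with off-site copies", 0, 2),
    "CTRL-03": Control("Security awareness training for all staff", 1, 0),
    "CTRL-04": Control("Supplier security clauses in contracts", 1, 1),
    "CTRL-05": Control("Physical entry controls for server rooms", 2, 0),
}


@dataclass
class Risk:
    rid: str
    asset: str
    threat: str
    vulnerability: str
    likelihood: int             # 1 (rare) .. 5 (almost certain)
    impact: int                 # 1 (negligible) .. 5 (severe)
    candidate_controls: list = field(default_factory=list)


@dataclass
class Treatment:
    rid: str
    inherent: int               # score before any control is applied
    residual: int               # score after the candidate controls are applied
    decision: str               # "accept", "mitigate" or "escalate"
    applied: list               # control ids that will be implemented


def score(likelihood, impact):
    """Risk score = likelihood x impact on the assumed 1..5 scales."""
    return likelihood * impact


def treat(risk, threshold):
    """Decide the treatment for one risk.

    Accept it when the inherent score is within the acceptance threshold.
    Otherwise apply the candidate controls (each lowers likelihood and/or
    impact, never below 1) and re-score. If the residual score still exceeds
    the threshold, escalate to management for a transfer/avoid/accept decision.
    """
    inherent = score(risk.likelihood, risk.impact)
    if inherent <= threshold:
        return Treatment(risk.rid, inherent, inherent, "accept", [])
    lik, imp = risk.likelihood, risk.impact
    for cid in risk.candidate_controls:
        control = CONTROLS[cid]
        lik = max(1, lik - control.likelihood_reduction)
        imp = max(1, imp - control.impact_reduction)
    residual = score(lik, imp)
    decision = "mitigate" if residual <= threshold else "escalate"
    return Treatment(risk.rid, inherent, residual, decision, list(risk.candidate_controls))


def statement_of_applicability(treatments):
    """For every catalogue control, record whether it is applicable and why."""
    used = {}
    for t in treatments:
        for cid in t.applied:
            used.setdefault(cid, []).append(t.rid)
    soa = {}
    for cid in CONTROLS:
        if cid in used:
            soa[cid] = {"applicable": True, "justification": "treats " + ", ".join(used[cid])}
        else:
            soa[cid] = {"applicable": False,
                        "justification": "no identified risk selects this control; revisit at next review"}
    return soa


# Constructed sample risk register.
SAMPLE_RISKS = [
    Risk("R-1", "Customer database", "Unauthorised access", "Weak account hygiene", 4, 5,
         ["CTRL-01", "CTRL-03"]),
    Risk("R-2", "File server", "Ransomware", "No tested backups", 3, 4, ["CTRL-02", "CTRL-03"]),
    Risk("R-3", "Public brochure site", "Defacement", "Static content only", 2, 1, []),
    Risk("R-4", "Cloud payroll provider", "Provider breach", "No security clauses", 3, 5,
         ["CTRL-04"]),
]


def run_assessment(risks=SAMPLE_RISKS, threshold=6):
    """Treat every risk, then derive the statement of applicability from the results."""
    treatments = [treat(r, threshold) for r in risks]
    return treatments, statement_of_applicability(treatments)


if __name__ == "__main__":
    treatments, soa = run_assessment()
    for t in treatments:
        print(f"{t.rid}: inherent={t.inherent:2d} residual={t.residual:2d} {t.decision:8s} {t.applied}")
    for cid, row in soa.items():
        print(f"{cid}: applicable={row['applicable']!s:5s} {row['justification']}")
```

R-4 shows the case the Act phase exists for: the only candidate control leaves the residual score above the threshold, so the register flags it for management rather than silently marking it treated, and CTRL-05 appears in the statement of applicability with an explicit "not applicable" justification instead of being omitted.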

  • Boosts your company image
  • Dependability of information and information systems
  • Improves organizational efficiency and effectiveness
  • Reduces the likelihood of information misuse
  • Compliance with legal, statutory, regulatory and contractual requirements
  • Improved corporate governance and assurance to stakeholders
  • Risk assessment performed
  • Threats, vulnerabilities and likelihood of occurrence are evaluated and impact reduced


The BAS 4P methodology standardizes the client's processes and procedures in a systematic way. The 4P enables BAS and the client to go through a series of activities that lead to certification. The 4P methodology deeply analyzes and reviews the processes and procedures within the organization, improves the overall performance of the organization and finally gets it certified.
BAS implements the following activities.

PREPARE

Understand the context

  • Capture and review business goals to understand the context and the client.
  • Determine the goals of the assessment with the client through questionnaires, interviews, etc.
  • Identify key stakeholders.
  • Determine the scope (functional areas, geographical coverage, etc.) and timeline.
  • Finalize scope, timeline and resource needs.
  • Confirm the approach and seek client commitment.
  • Mobilize the assessment project team.
  • Schedule interviews.
  • Hold a kick-off meeting.

PERFORM

Gather data

  • Gather and analyze/review existing documentation, portals, past audit reports, forms, metrics, data, etc., and understand how the operation complies with the standards.
  • Conduct interviews and workshops.
  • Document survey results and preliminary ratings, if any.
  • Document preliminary findings.
  • Assess the environment, gaining evidentiary support from interviews and documents.
  • Identify key issues and challenges and seek agreement from stakeholders.
  • Implement and improve processes and procedures.

PRESENT

Develop recommendations

  • Identify opportunities to overcome identified issues and/or reach maturity levels.
  • Prioritize alternatives.
  • Develop recommendations and a near-term timeline.
  • Prepare the final report.
  • Preview the final report with stakeholders and update as required.
  • Present the final report.

PURSUE

Continual improvement

  • Follow up with the organization and analyze how the organization complies with the standards.
  • Check with the organization that the standards are being implemented and maintained.
  • Evaluate the continual fulfillment and improvement of all required and relevant documents.

Certification Details

BAS is a versatile ISO certification body with expertise across various industries and strong exposure in the fields of Quality, Health, Safety and Environment, Service Management and Information Security Management. We provide reliable services in the UK, the Middle East, India and other countries.

We at BAS, with our veteran assessors, provide you with certification that adds value to your management system. Many clients around the world have greatly benefited from our exemplary service.

The following are the steps we carry out in this phase as part of certification.

Contract signature

A BAS representative sends out an application, in the form of a questionnaire, to the organization applying for certification.

Once BAS receives the completed application, the BAS representative sends an official quote to the applicant for approval.

Pre-audit (optional):

Gap analysis and diagnosis of your system's current position against the requirements of the standard. A pre-certification audit is a high-level evaluation indicating where your company currently stands in compliance with specific standards before the main certification audit.

Audit Stage 1 - Initial Visit: to verify the establishment and implementation of the basic structure of your Management System

BAS will carry out a document review assessment of the client's Management System against the requirements of the standard, in order to establish to what extent the system addresses those requirements and whether a subsequent Initial Assessment for an Accredited Certificate is likely to result in successful certification. Companies usually take the necessary corrective/preventive actions at this early stage, prior to the Initial Assessment. The pre-audit should not be considered a consultancy service.

Audit Stage 2 - Certification audit (certificate issued after a successful certification audit)

The principal purpose of the Initial Assessment is to audit the company's Management System for compliance with the standard. Please note that the Initial Assessment is an obligatory service. In this phase, if any opportunities for improvement are identified, BAS auditors will report them in the interest of the organization.

Surveillance audits to follow the continual improvement

This is also an obligatory service: BAS will perform a Surveillance Visit approximately once every year, i.e. a total of 3 Surveillance Visits during the 3-year validity period of the Certificate. Such routine Surveillance Visits are performed to ensure the continuous compliance of your Management System with the requirements of the standard.

Re-certification after 3 years through a full audit or continual assessment.

What we do

  • BAS can assist your organization in acquiring any relevant ISO certification in the UAE, which is well known internationally. It generates additional business opportunities and demonstrates the organization's compliance and commitment to best practices in any industry, making it more competitive in today's market.
  • We at BAS, with our veteran assessors, provide you with certification that adds value to your management system. Many clients around the world have greatly benefited from our exemplary service.
  • When you choose BAS as your certification partner you stand to gain monetarily in your business through our straightforward assessment. The overall aim of certification is to give confidence to all parties that a management system fulfills specified requirements. The value of certification is the degree of public confidence and trust established by an impartial and competent assessment by a third party.
  • With BAS, you will have the capability to deliver on the promises you make; this enhances your reputation, creates confidence in your capabilities, substantiates claims and differentiates your organization.
  • With BAS, you obtain the full tangible benefits and value of your management systems; this helps you link assessment system benefits to financial performance or to improvements in effectiveness and efficiency that drive your business forward in measurable and verifiable ways, and develops your capability to better manage a range of non-financial risks.
  • As an integral part of this process, BAS will evaluate the relevance of the quality objectives against the analysis of stakeholder expectations and the strategic goals of the company. We will assess the capability of the management system in controlling the defined processes. We will assess the effectiveness of management decision making in respect of this data and, on the basis of this assessment, help senior management identify any changes required to support continual improvement.
  • Providing more opportunities for improvement than merely performing a compliance audit against the standard's requirements.
  • Understanding the local culture and working patterns of clients facilitates better communication and understanding between BAS and the clients.
  • BAS has resources with knowledge and skills in multiple standards such as ISO 20000, ISO 27001 and, for example, SKEA in Abu Dhabi for Business Excellence programs. This greatly helps clients get better input, as the standards can be applied in an integrated way and the auditors can provide holistic feedback.
  • BAS has offices around the world, and its auditors have access to knowledge from all parts of the globe, which helps clients gain a better understanding and more practical suggestions from BAS auditors.
  • BAS has a location advantage within the Emirates in Abu Dhabi, Dubai, Al Ain, Sharjah, Ajman, Ras Al Khaimah and Fujairah (we have successfully completed many different projects locally and internationally).
  • BAS strongly promotes and implements facilitation of the relevant Management System not only for the sake of certification but to really make a difference in the processes and procedures implemented throughout an organization.
  • BAS has some project members who are also EFQM International Assessors; this adds value to the assignment, as the Abu Dhabi government highly recommends the Organizational Excellence program across the Abu Dhabi Emirate (and the UAE).
