What & Why?
Having a systematic approach to information security is the key to its success in any kind of organization. It helps to anticipate threats to the organization's information assets and to plan their mitigation ahead of their actual realization and the resulting damage to the assets. The best policy to follow in such a case is to adopt internationally accepted best practices instead of "reinventing the wheel". ISO 27001 is the most universally accepted standard for information security the world over.
ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls based on the risks the organization is exposed to.
This helps implementing organizations protect their information assets by eliminating vulnerabilities and gives confidence to interested parties, especially customers. It is a great tool for identifying and complying with all applicable legislation. It brings consistency to the entire organization's approach to information security, making it highly manageable, whatever the scale of the organization's operations. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the ISMS.
intiGrow provides assistance in the implementation of the ISO 27001 framework. With a team of experienced information security professionals who are also ISO 27001 certified Lead Implementers / Auditors, we have an in-depth understanding of the standard. Our implementation strategy is based on a phased approach:
Phase 1: Gap Analysis – intiGrow security professionals will conduct an analysis of gaps in your current system against the requirements of ISO 27001 including a physical security review. The observations will be compiled into a report defining your level of compliance and will be used to consolidate the risk treatment plan for the compilation of the Control Implementation Strategy.
Phase 2: Risk Assessment – This is the most crucial phase of the implementation, wherein an asset register containing all the information assets of the organization is built. This involves meetings and discussions with the key stakeholders of the organization. A comprehensive risk assessment is then conducted on the critical information assets, based on which appropriate controls to mitigate the identified risks are selected.
Phase 3: Risk Treatment – During this phase intiGrow will formulate a strategy for the implementation of the controls selected in the previous phase. Also during this phase all the documentation pertaining to the ISMS will be developed. This will include the formulation of Information Security Policies & various procedures supporting the policies. The policies and procedures shall address the risks identified during the risk assessment phase.
Phase 4: Control Implementation – The implementation roadmap, which is the outcome of the previous phase, will guide the client organization's implementation team in implementing the identified controls. During this phase intiGrow consultants will advise and guide the implementation team.
Phase 5: ISMS Readiness Review – This phase will review the readiness of the client to achieve ISO 27001 certification. The intiGrow team will guide and prepare the client's audit team to conduct internal audits. The audit results will be evaluated and gaps, if found, will be closed by the client's implementation team with guidance from intiGrow consultants.
Phase 6: Certification Audit – The client will face the certification body's team of auditors. intiGrow consultants will hand-hold the client's team during the audit. We will assist the client in the closure of any non-conformities or observations noted by the external auditors and help the client achieve ISO 27001 certification.