C S M

CSM ISMS (Information Security Management System)

OVERVIEW

ISMS – ISO 27001 is an accredited standard for management compliance. The standard applies to any organisation: an organisation of any size or nature of business can adopt the requirements and seek formal certification. The standard was released on 25th September 2013 as an update to the old standard ISO 27001:2005, which now stands replaced.

TRENDS IN ADOPTION

ISO 27001:2013 has seen widespread adoption since 2005. Information security has become an emerging concept to be adopted in management systems where large customer databases are maintained and used and need to be retrieved in a timely manner. Information Security Management System (ISMS) ISO 27001:2013 focuses especially on keeping data and information safe and secure throughout operations.

MANAGEMENT SYSTEM CONTROLS (CLAUSE 4 TO 10)

Clause 1 – Scope
Clause 2 – Normative references
Clause 3 – Terms and definitions
Clause 4 – Context of the organisation
Clause 5 – Leadership
Clause 6 – Planning
Clause 7 – Support
Clause 8 – Operation
Clause 9 – Performance Evaluation
Clause 10 – Improvement

A) CSM has a team of experts providing consultancy services to its esteemed clients in the major areas given below:

1) Gap analysis (the gap between the present situation and the ISO 27001:2013 standard requirements), with the report placed before the management;
2) Help in selecting a management representative or information security administrator;
3) Help in developing a ‘statement of applicability’ based on the prevailing working pattern of an organization;
4) Help in framing the ISMS policy and other security policies based on the prevailing products & services of an organization;
5) Help in framing ISMS objective parameters that are derived from the ISMS policy of an organization;
6) Help in determining the vulnerable areas in the information management system;
7) Help in developing a mechanism to reduce risk in information management;
8) Help in developing an effective and comprehensive risk treatment approach;
9) Help in developing effective asset management & access control;
10) Help in developing cryptography and methods of using it;
11) Help in developing & determining human resources security, physical & environmental security, operational security and communication security;
12) Help in carrying out penetration testing of the information management system;
13) Help in developing integrated methods for supplier relationships;
14) Help in framing the information security aspects of business continuity management;
15) Help in developing a method of compliance management;
16) Conducting awareness training on the Information Security Management System;
17) Conducting an internal audit programme on the Information Security Management System;
18) Help in conducting cross-departmental internal audits & management review meetings;
19) Assisting during the external audit processes and post-audit coordination;
20) Supporting gradual improvement of the system throughout the year.

B) By implementing an ISMS with CSM's support, an organization can gain many direct benefits, some of which are mentioned below:

1) Building customer trust and confidence in the market;
2) Opportunity to enhance market share gradually;
3) Establishing preference in the market among competitors;
4) Ensuring safe handling and protection of customer databases / customers’ intellectual property;
5) Ensuring better security systems to protect against any kind of illegal/unauthorized penetration into the system;
6) Building an image in national & international markets for any JV/collaboration/capacity-building projects;
7) Establishing and maintaining a continuous surveillance system for information security management.

C) Deliverables that we provide through our services:

1) Gap analysis reports;
2) ISMS apex manual including the ISMS policy, other policies & ISMS objectives;
3) Statement of Applicability;
4) Vulnerability assessment reports;
5) Risk assessment & risk treatment reports;
6) Relevant procedures and SOPs, work instructions & checklists;
7) Internal audit reports/summary.
