ISMS and ISO/IEC 27001 Standard

ISO/IEC 27001 is the first international standard for Information Security Management.  

The standard evolved from the earlier BS7799 and is one of the most prominent and sought-after certification schemes for global organizations as part of their risk management and assurance framework.

Since information is one of the most valued organizational assets, having a robust ISMS in place ensures that this asset is protected.

 

Being certified for this standard demonstrates the capability of the organization to ensure a level of information security on par with global organizations. It gives a huge boost of confidence to business partners and customers who invariably have to share their information assets with the organization.

The ISO/IEC 27001:2005 standard lays down the specifications that an organization needs to adopt in order to demonstrate its ability to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented Information Security Management System (ISMS) that will ensure effective and efficient protection of its information assets.

 

ISO 27001 Standard – Structure:

 

 

Wings2i has been a preferred knowledge partner to global and regional organizations on ISO/IEC 27001 certifications.

 

Wings2i’s role:

Wings2i partners with our clients as the knowledge partner to provide the essential support and facilitation towards the certification:

  • Subject matter expertise and guidance
  • Baseline assessment and development of roadmap
  • End-to-end guidance, advisory services and facilitation

We partner with our customers in the end-to-end certification journey through the key phases as shown below:

 

Our strength:

Our consultants, with cross-domain exposure and experience, assist you in your quest for adoption of and certification against the chosen standard(s). With combined expertise in assessment, implementation and auditing, our consultants will ensure that the organization reaches the level needed to achieve the certification in the most effective and efficient manner, as well as establish a capability to sustain the improvements.

Our approach of having consultants for distinct capability requirements (such as consulting/implementation and internal audit) brings a new dimension and control aspect to our client engagements. With all our consultants being cross-trained and experienced on multiple standards, the capability to integrate among standards is enhanced and a holistic approach to standards adoption and certification is easily achieved.

Our experience and working relationship with most of the recognized Registered Certifying Bodies (RCB) make the whole certification process smooth, time-bound and cost-effective for our clients.

Our managed services for maintenance of the standard help organizations rest assured that the management system implemented will be sustained for achieving the long-term business objectives. (Refer to our Managed Services page for further details.)

 

ISMS & ISO/IEC 27001 Managed Service – Deliverables:

Managed services - Deliverables: Periodic or on-going
A tailor-made and scalable package to suit the organization requirements with hand-picked and customized deliverables from:
  • Information Security Awareness creation and enhancement

  • Management & maintenance of ISMS documentation

  • Risk Assessment and treatment

  • Vulnerability Assessment and Penetration Testing – Systems, Infrastructure & Applications

  • Implementation and maintenance of identified Information Security Controls

  • Internal audits, recommendations, corrective/preventive actions

  • Management reviews

  • Business Impact Analysis, Risk assessment and Continuity planning

  • Guidance and facilitation of continuity plan implementation, maintenance, periodic testing, etc.

  • Facilitation, coordination and support for Security Monitoring and Incident management

Other specific certification and compliance areas where Wings2i has proven expertise and knowledge leadership are:

 

 

 
