ISO 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
Information is the basis on which organisations conduct their business activities. Like other business assets, information is a valuable asset that must be appropriately protected. Information assets include digital information, paper documents, physical assets (computers and networks), and the knowledge of individual employees. The ISO 27001:2005 Information Security Management Systems standard provides a robust model for information security risk assessment, security design, implementation, and security management. The standard provides a comprehensive approach to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
Information security is founded on risk management. Risks are managed by reducing their likelihood and/or mitigating their business consequences. The objective of information security is to preserve an organisation’s information assets and the business processes they support in the context of:
- Confidentiality – information is accessible only to those authorised to have access
- Integrity – accuracy and completeness of information and processing methods are safeguarded
- Availability – information is accessible and usable upon demand by those authorised
The possible consequences of a loss of confidentiality, integrity, or availability of assets are:
- Interruption of service
- Loss of customer confidence
- Damage to reputation
- Infringement of laws / regulations
- Financial losses
- Judicial proceedings and penalties
- Loss of effectiveness / trust
- Loss of technical reputation
Almir Business Services
Almir Business provides a practical and hands-on approach to Information Security Management System consultancy. We offer a cost-effective and value-added focus and bring the knowledge and experience of proven systems.
Our services include:
- Gap Analysis - Check the current information security controls in place including the requirements of ISO 27001:2005
- Risk Assessment - Evaluate threats to, vulnerabilities of, and consequences on, information and information processing facilities
- Development - Select adequate and proportionate control objectives and controls for treatment of risks; prepare statement of applicability; establish procedures and the organisational structures necessary for the Information Security Management System
- Implementation - Put the Information Security Management System into practice
- Maintenance - Support and improve the Information Security Management System
Benefits
Implementing an ISO 27001:2005 Information Security Management System:
- Provides an effective and recognised measure of how well your organisation manages its information security
- Demonstrates compliance with statutory, regulatory, customer and contractual requirements
- Reduces risk and damage to your company’s reputation, profitability or business interests due to loss of, or harm to, sensitive information
- Reduces the risk of embarrassment or loss of business arising from loss of, or damage to, another organisation’s sensitive or critical information
- Increases confidence with outsourcing arrangements
- Brings confidence to business partners who entrust their information into your care