ISMS: ISO/IEC 27001 and ISO/IEC 27002 standards

Information Security Management System (ISMS) is part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security. Requirements for Information Security Systems are set in the Information Security Standard, originally published by the British Standards Institution. The Standard is published in two parts:

  • ISO/IEC 27001, Information Security Management Systems - Requirements
  • ISO/IEC 27002, Code of practice for Information Security Management

ISO/IEC 27001 defines a management framework for identifying security requirements and applying best-practice controls for information security management. ISO/IEC 27002 defines these best-practice controls and recommendations for use by those who are responsible for initiating, implementing or maintaining security within their organization.

An organization may opt to have its Information Security Management System (ISMS) formally certified for compliance with ISO/IEC 27001 by means of an assessment by an independent third party, an Accredited Certification Body. The normal life of an ISMS certificate is three years. During this period the certificate remains valid only if the organization passes a periodic ISMS audit each year.

RAC will assist your organization in implementing your ISMS or in preparing for a periodic or certification ISMS audit.
Our consulting services range from security policy development and review, information risk assessment and control selection to ISMS documentation development, including the Statement of Applicability (SoA), and on-going monitoring, measuring and review. At the end of a successful ISMS implementation your organization will be in compliance with ISO/IEC 27001 and, if required, can seek third-party certification.

RAC's ISMS consulting team consists of qualified ISMS consultants whose qualifications include certified ISO/IEC 27001 Lead Auditor as well as professional accreditations such as CISSP (Certified Information Systems Security Professional) and CISA (Certified Information Systems Auditor).


The key concept of an information security management system (ISMS) is that the organization maintains and improves, with equal weight, the confidentiality, integrity and availability of the information assets it is required to protect.

RAC has extensive experience in preparing organizations for ISMS certification.

RAC is authorized to translate into Czech and publish the ISMS standards BS ISO/IEC 27001 and BS ISO/IEC 27002.


The 11 main security categories defined by ISO/IEC 27002:
  • security policy
  • organization of information security
  • asset management
  • human resources security
  • physical and environmental security
  • communications and operations management
  • access control
  • information systems acquisition, development and maintenance
  • information security incident management
  • business continuity planning
  • compliance



© 2012 Risk Analysis Consultants