ISO/IEC 27001 is the only auditable international standard that defines the requirements for an Information Security Management System (ISMS).
“Information is an ASSET which, like other important business assets, has VALUE to an organization and consequently needs to be SUITABLY protected.”
“Information Security Management System is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.”
An ISMS always follows the standard Plan-Do-Check-Act methodology.
The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
The Do phase involves implementing and operating the controls.
The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.
We will conduct the Stage 1 assessment at your location. It is an initial review of the management system. This preliminary round checks whether key documents not only exist but are complete in all respects. It also tests the organization's readiness for the Stage 2 audit. In this assessment we may find weaknesses that need to be resolved before the final assessment, i.e. the Stage 2 assessment.