Information Security Management System ( (JAS-ANZ Registered Certification)
What is it?
Information Security Management System (ISMS) is based on ISO/IEC 27001:2013.
What are the benefits?
Information drives business in today’s networked environment. Information includes data files on computer hard disks, paper, telephone conversations and mobile equipment. Having physical and technical security is the first step but is not enough with new threats occuring every day. In addition there are multiple regulatory requirements on security. Identifying the information security requirements and protecting the confidentiality, integrity & availability of business information is vital for business survival. At the same time, having too many controls may not be cost effective. Therefore an information security risk assessment followed by selection of appropriate controls strikes a balance between risks and controls to enable business growth.
An information security management system (ISMS) based on ISO/IEC 27001:2013 includes information security risk assessment, the selection of appropriate controls to
mitigate the risks to an acceptable level and the Plan-Do-Check-Act model for continual improvement of security processes.
Our certification scheme is Process driven and risk based.
Our auditors have audited ISMS in different environments and industries; their findings may help continual improvement of your ISMS.
You may integrate ISMS with a Business Continuity Management System or IT Service Management System or both to reduce the total cost of compliance.
What other management systems integrate with this?
ISO 9001:2015 Quality Management
ISO/IEC 20000-1:2011 IT Service Management
ISO 22301:2012 Business Continuity Management
Compliance with legislation, for example, Data Protection Act / National Privacy Principles, APRA guidelines PPG 234 on Managing IT Security Risk.
How many have adopted this?
Nearly 40 organisations have adopted this in Australia and about 5000 worldwide.