
Mandatory Documents and Records Required by ISO 27001:2013

By Author: Ascent Lanka

Organisations are seeking to demonstrate to their stakeholders, business partners and customers some form of ‘fit for purpose’ assurance regarding their information security. A small gap in an information security management system may have dramatic consequences. Organisations need to define and maintain controls to avoid the risk of leakage or destruction of confidential information. ISO/IEC 27001 gives information on measures, what effects they have and how to implement them. The standard defines the desired best practice methods for controlling (protecting) information: Confidentiality, Integrity and Availability. An ISO/IEC 27001 compliance certificate provides assurance that the management system for information security is in place, but says little about the absolute state of information security within the organisation.

Ascent Lanka understands all these issues and can perform the necessary assessment/improvement to help you achieve ISO 27001:2013 Certification. Our information security experts work with you to create an information security program custom-built to suit your business’s needs. Our experience and knowledge of the current IT security environment protect your business from all forms of risk, including data breaches, disruption of services, and real-world attacks. We bring your business into compliance, improve operational efficiency, and reduce costs.

What is ISO/IEC 27001?
ISO 27001, also known as ISO/IEC 27001, is an Information Security Management System (ISMS) standard created by the International Organization for Standardization (ISO). It is a formal set of guidelines and specifications for organizations to use in developing their information security framework. This standard mandates a particular set of controls that need to be in place for your ISMS. Therefore, organizations that claim to have adopted ISO 27001 can be formally audited and certified compliant with the standard.

It is this ability to certify the operation of an ISMS that makes the standard unique and makes it ideal to be used as a form of independent attestation to the design and operation of an information security program. Pivot Point Security is a leading consulting firm for ISO 27001 certification and has worked with organizations of all sizes.

Basic Overview of ISO 27001 Certification Process
PHASE I: Gap Analysis (if needed)
PHASE II: Introductory Training, Process Mapping & Planning
PHASE III: Risk Assessment and establishment of Controls
PHASE IV: ISMS Development
PHASE V: Rollout Training and Informal Assessment
PHASE VI: Management Review, Internal Audit
PHASE VII: Stage I Audit, Stage II Audit

The purpose of ISO 27001 is to enable an organisation to demonstrate that it has an effective methodology in place to ensure that its information is kept secure. Companies have many levels of valuable information, where the highest will often include developing patents, staff personal information, key financial data, etc. Lesser levels will often be current customers and current bids, and finally there will be some information you want to be publicly available, typically what may appear on your website, where there is little need for security of this information.

Protection normally addresses who has access to information and what they can do with it. Systems must be in place to ensure that those outside the business cannot gain access or modify the data through virus attacks, spying software and spoofing, and internal data cannot be lost through issues such as IT failures (disk drive crash) or staff copying the data.

ISO 27001 provides a formal way of identifying valuable information, deciding how it is to be protected, putting the protections in place, and monitoring, maintaining and reviewing these protections for effectiveness, possibly making changes to the types of information held.

Ascent Lanka consultants realise that a balance has to be achieved between securing key information and making it accessible to authorised staff in a user-friendly way.

Our consultants are experienced in the requirements of ISO 27001, have a background in IT or electronics, and are trained assessors.

ISO 27001 Blueprint/Gap

The aim of the gap analysis stage is to review the current state of the in-scope areas of the business against the controls and requirements of ISO 27001, highlighting the areas that currently meet the requirements and the areas that currently fall short. This is a key phase, as it will allow both Ascent Lanka and you to identify where resources will need to be assigned during the project. The output from this stage is a report that details the findings of the gap analysis and prepares the initial Statement of Applicability (SoA).

More About the Author

Ascent Lanka is the ultimate ISO Certification Consulting organization with clients spanning across Sri Lanka, Colombo, Galkissa, Moratuwa, Jaffna, Negombo, Pita Kotte, Sri Jayewardenepura Kotte, and Kandy. Companies around the world have depended on Ascent Lanka to help ensure the Quality and safety of their products, processes and systems. Over 10 years of experience in Implementation of Standards and Controls, ISO Consultants are professional and proven.
