Hosted ISO 27001

ISO 27001: 2005 DATA SECURITY MANAGEMENT SYSTEM

Why use the Hosted Business Model?

We emphasis the Business rather than just the Security or IT part of ISO 27001.
Instead of many Polices, Procedure and Work Instructions (one system we converted had over 80 Work Instructions which was completely unworkable). We concentrate on an integrated solution.

Note – ISO 27001 should not be dominated by IT requirements since it relates to all Company information. Nor should the controls and processes be dominated by only Security issues since the Standard relates to Risk Management associated to the:

Confidentiality, Availability and Integrity of Information.

Improvements

An integral part of ISO 27001 is the requirement to Improve. For traditional systems, this can be a problem to define, integrate and maintain.

With the Hosted Business Model (based on the requirements of ISO 9001 tuned to your requirements) there are the following specific benefits:

• Integrated - clear Link between Company Strategy, Objectives, Action Plans and Processes, Performance Indicators and Responsibilities
• Action Plans - with User defined Planned and Actual Start, Progress tracking with % completion and Comment section, Planned and Actual Finish Dates
• Risk Management - Example Risk Registers and Information Assets can be added (initially from an Excel Spreadsheet) but later directly from the Internet Explorer or browser
• Measurable Objectives - Define your own Key Performance Indicators. Then add the actual results against your Targets so you can monitor your success
• Personal Responsibilities - allocate responsibility by linking persons with a Process Box, Action Plan, KPI etc
• References - Link the relevant part of your process to the appropriate clause of the ISO 27001 Standard.
• Immediate Availability of the latest documents & processes - Immediate Updating of the Model means no paper-chase updating Manuals and paper Procedures.

The emphasis is on working, monitoring and improving your Business and Processes as well as making it simpler for your employees to be effective and committed (rather than Record keeping or Documentation paper-chase)

General Benefits of ISO 27001: 2005

1. Information Advantage
   ISO 27001 provides externally verified assurance that you are managing the information in your care (whether your own or others). You are assessing and managing the risk to business critical information which is increasingly important to the on-going success of Organisations.
2. Operational Efficiency
   ISO 27001 includes a cohesive systematic approach to control and monitor business information. By providing a clear structure of working processes and practices, focus is given the continuous improvement of working methods and the reduction of business risk.

Experience shows that the cost is moderate compared with the cost efficiency gained by effective methods of operation, improved productivity, reduction of waste and better management control. Attaining successful Assessment and Registration also helps in retaining existing Customers and in gaining entry into new markets.

Why ISO 27001?

• Improve Information Advantage and Effectiveness
• Achieve a business standard that is appreciated and often required by the Customer

Scope

Covers all the processes which affect the security of data handled by the Company, be it paper or electronic, in-house or in-transit, to the benefit of the Customer.