QMS Development: ISO 27001 for Information Security Management System (ISMS)

The development and implementation of an ISMS is a strategic decision for an organization.

ISO 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks.

The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties (customers, regulators, partners and auditors).

The information security policy is the foundational document that defines the framework of the ISMS. Some of the processes implemented in a corporate Information Security Management System are listed below; the list follows the control domains of Annex A in ISO/IEC 27001:2005, which the 2013 and 2022 editions of the standard regroup under different headings:

  • Access management (logical & physical)
  • Information security incident management
  • Risk management
  • Asset management
  • Documentation management and data classification
  • Communications and operations management (including operational procedures and responsibilities, third-party service delivery management, system planning and acceptance, backup, network security management, monitoring and audit, etc.)
  • Human resources security
  • Information systems acquisition, development and maintenance
  • External parties
  • Business continuity management
  • Compliance with legal requirements