Arrange a free initial consultation with one of our ISO27001 specialists: call 01344 780000 now!
Armana’s consultants are highly experienced in delivering ISO27001 solutions. They are able to assist our customers in the implementation of an Information Security Management framework in order to achieve certification to the standard.
An ISO 27001 project encompasses a number of areas, including:
Gap Analysis
Analyses your organisation’s compliance with not only the ISO 27001 requirements but also investigates the gaps in your defences, to avoid you being taken to court for security breaches or non-compliance issues. This is one reason our consultants are knowledgeable about the law and forensic investigations.
The analysis is performed in stages as listed below:
▪ Ascertain the structure of the organisation and the scope of the Information Security (IS) requirement.
▪ Establish the extent of compliance with the mandatory requirements of ISO 27001, i.e. clauses 4 to 8. This will include:
    ▪ considering existing processes and procedures
    ▪ examining a sample of documentation
    ▪ examining a sample of existing policies
▪ Using the 133 controls listed in ISO 27002 (the Code of Practice) as a framework, identify the primary gaps in the information security controls in place within the organisation.
▪ Identify the principal information assets and their relative value to the business.
▪ Assess the degree of compliance with applicable legislation (Data Protection Act, FoIA, RIPA etc).
▪ Assess the policy, procedural and technical IS improvements that would be necessary to achieve compliance with the ISO 27001 standard.
▪ Report on the findings of the gap analysis and make recommendations for remedial action/strategy to achieve compliance with the requirements of ISO 27001.
Risk Assessment
Each organisation faces its own unique mixture of threats and vulnerabilities when it comes to Information Security. A thorough assessment of the potential risks can not only safeguard important and valuable information assets, but also save time and money by avoiding the implementation of unnecessary controls. To ensure that the analysis is both appropriate and cost effective, it is important that the focus is centred on the most important information assets, so that expenditure on unnecessary controls is avoided.
Armana can help you to reduce your exposure to information security risks by undertaking a thorough risk analysis of your security infrastructure. A detailed assessment of current threats and vulnerabilities, balanced against the existing control measures, provides a clear indication of where improvements are necessary. Risk management can then be practised to avoid risks wherever possible and to reduce residual risk by introducing appropriate controls.
Armana can help to:
▪ Identify and value the important information assets
▪ Identify the vulnerabilities of those assets and the relevant operational risks
▪ Recommend measures to avoid or mitigate the risks
▪ Reduce the threats and vulnerabilities
▪ Identify control objectives
▪ Select any additional effective and appropriate control measures that may be required
Business Continuity Planning
Often overlooked, due to the “it will never happen to me” culture, business continuity is an issue which is far too often put to the bottom of the corporate agenda. Armana’s consultants work with companies to formulate a “business continuity” plan based on ISO 25999, covering incidents ranging from total loss of the business (through flooding, for instance) to lesser interruptions to business continuity, e.g. loss of essential staff or long power outages. Guidance on the requirements for certification to ISO 25999 can be provided.
The purpose of any business continuity plan is to:
▪ Establish an organisational structure so that any unforeseen incident which threatens the continuity of business can be managed to minimise the risk/impact on the business.
▪ Identify and create key teams of staff to work alongside senior Directors and Managers to effectively manage any business continuity incident.
▪ Ensure the safety, following an incident, of the company’s staff and of the individuals for whom the company has responsibility.
▪ Ensure the rapid re-establishment of communications, computer systems and critical business functions.
▪ Establish the principles upon which the logistics of recovery of the main business functions will be based.
▪ Establish a clear communications channel to the media and ensure that any reporting is in the best possible interest of the company.
▪ Ensure that internal communication to the staff is clear and effective following an incident and during the recovery process.
Policy Awareness and Training
Armana’s consultants can provide a range of staff awareness training seminars based upon the defined policies that the company has adopted. The key aim is to ensure that staff (permanent and contract) are kept up to date about the adopted Information Security policies and that they "sign up" to execute these policies in the course of their day-to-day work. This will typically involve the company's HR department, to make Information Security awareness part of the new staff induction process as well as part of the ongoing reviews of all personnel.
Data Protection Act (DPA) and Training
DPA Consultancy – clearly explaining how to achieve compliance, at a practical level, with the requirements of the Data Protection and Freedom of Information Acts.
Data Protection consultancy includes helping you to develop policies and procedures on principle compliance (such as handling requests for access to information and other individuals’ rights), notification, meeting the Caldicott requirements (which affect health services, social services and education departments), and information sharing.
Freedom of Information consultancy, which includes how to implement and maintain your publication scheme, and how to prepare your organisation for handling requests for information in 2005.
Data Protection “Health Checks” – these involve carrying out an assessment and reporting on how well your organisation is doing in terms of compliance with the Act, and include recommendations for improvements where needed. They are based on the Information Commissioner’s audit methodology.
Training and awareness sessions on the practical implementation of the Data Protection Act, for those who are responsible for managing it, or for your employees, to help them understand how it affects them and their work. Sessions can be in the form of practical workshops or formal presentations.
Contact Details
Armana Systems LLP
Talbot House
High Street
Crowthorne
Berkshire
RG45 7AQ