Shergroup Outsource
intelligent business outsourcing
 

ISO 27001:2005

 

Achieving ISO 27001:2005

ISO 27001, titled ‘Information Security Management Systems’ (ISMS), is the replacement for the original document, BS7799-2. The basic objectives of the standard are to help establish and maintain an effective information management system using a continual improvement approach and assist businesses and organisations throughout the world to develop best-in-class information security.

Most organisations have a number of information security controls. Without an ISMS, however, the controls tend to be somewhat disorganised and disjointed, having been implemented often as point solutions to specific situations or simply as a matter of convention. The standard defines its 'process approach' as "The application of a system of processes within an organisation, together with the identification and interactions of these processes, and their management".

The Challenge

After achieving ISO 9001:2008, we were a little more confident about working on this project. We knew from the outset that the standard would involve a great deal of commitment from the entire team if we were to achieve certification. We faced a number of challenges including:


Achieving team “buy in”, as the introduction of an ISMS involves huge cultural changes in the way an organisation operates
   
Getting the team to think beyond electronic information and consider the physical security of our building, paper documents and electronic information
   
Getting the team to think of information security as an integral part of the daily business and not as an additional burden
   
The commitment and inputs from senior managers to help maintain momentum in driving this project forward
   
Spreading the knowledge and particularly the jargon used in ISMS across the team
   
Making information security management a team-wide responsibility and not just the preserve of the IT department
   
Keeping the project moving forward during the implementation process and before the all-important audit certificate was granted!


The Solution

Using our experience of ISO 9001:2008 certification, we created a step-by-step procedure, which worked as follows:


We created a core team for the project
   
We organised awareness and training programmes for all team members
   
We defined the information security policy and our objectives, and listed all our information assets
   
We identified the risks and threats to all the information assets and worked out a strategy for risk mitigation
   
We strengthened our physical and information security in all aspects by implementing ISMS controls
   
We carried out rigorous internal audits and brainstorming sessions to achieve the standard


The Outcome

In July 2009, Shergroup Outsource achieved its ISO 27001:2005 certification. We were issued with a certificate, valid for three years, by the British Standards Institution for successfully implementing the Information Security Management System.


The Ongoing Benefits

As a result, we believe we have not only achieved the standard but also a number of other benefits including:


The enhancement of our business partners’ confidence in and perceptions of our organisation
   
Knowing that our clients’ data is safe and that we can handle their information to the highest possible standard of professionalism in a controlled and organised way
   
Creating formal policies and procedures in managing and handling information within an acknowledged framework, which is communicated to our entire team
   
Recognising the risks to information security and ensuring through our policies and procedures that we have clear processes to identify assets, and understand how to deal with risks, threats and other vulnerabilities in a positive way
   
Improved team development and motivation through responsibility, awareness and ongoing training in the area of information security
 