Skopje, 2010
Certificate for a successfully implemented and managed Quality Management System based on ISO 9001:2008. The system was implemented and initially certified by British Standard Institute UK in 2004. With the last recertification the validity of the certificate was extended until 2010. Certificate FS 84157, ISO 9001:2008.

Certificate for a successfully implemented and managed Information Security Management System based on ISO 27001:2005. The system was implemented and initially certified by British Standard Institute UK in 2004. With the last recertification the validity of the certificate was extended until 2010. Certificate IS 84158, ISO 27001:2005.

Trajkovski & Partners is a member of the British Standard Institute UK Associate Consultant Programme (ACP). ACP is a network of consulting companies; membership in the ACP network attests to proven competence in implementing management systems based on ISO standards. In the case of T&P (ACP 182) this means competence in ISO 9001:2008 and ISO 27001:2005.

Trajkovski & Partners is a founder and member of the International Telecommunications and IT Consultants Group (ITIC). The group was founded by 15 European companies, including Trajkovski & Partners from the Republic of Macedonia.

Trajkovski & Partners is a founder and member of the IT Service Management Forum Macedonia (itSMF Macedonia). The forum works to promote the quality of the IT service management profession through training and certification of its members.
ISACA certifications

The competence of Trajkovski & Partners experts is demonstrated by internationally recognised professional certificates in the design, implementation and management of information systems. Specific certificates held by T&P consultants are:
CISA - Certified Information Systems Auditor
CISM - Certified Information Security Manager
CGEIT - Certified in the Governance of Enterprise IT
1. Introduction
Through our years of experience we have worked with many different methodologies for implementing management systems based on the corresponding standards. Adopting the most suitable elements of those methodologies, T&P has extended the methodology recommended by BSi with specific implementation activities and steps tailored to the requirements of the client. On this basis Trajkovski & Partners Consulting has developed a specific Methodology for the implementation of an Information Security Management System (ISMS) based on ISO 27001:2005.

Objective
The purpose of the T&P Methodology for the implementation of an Information Security Management System is to ensure high-quality implementations that bring maximum benefit and achieve the desired outcomes with minimum disruption to the client's operations during the project. The methodology is designed as a flexible roadmap of the paths to be taken to ensure the best possible outcome from an implementation project.
Terms and definitions

Information security: preservation of confidentiality, integrity and availability of information
Information security management system (ISMS): that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security
Risk management: coordinated activities to direct and control an organization with regard to risk
Process: set of interrelated or interacting activities which transforms inputs into outputs
Procedure: specified way to carry out an activity or a process
Policy: deliberate plan of action to guide decisions and achieve rational outcome(s)
The activities that make up this methodology reflect its integrative nature. The key activities of the implementation approach, shown in the figure, are organized in four phases and described below:
Phase 1: Readiness for implementation
- Creating a project team consisting of the client's employees, for continual involvement in the implementation process and collaboration with the consultant team
- Definition and acceptance of the project ground rules (implementation plan, roles and responsibilities of the client's and the consultant's project team members, communication plan) by defining and signing the Project Charter
- Training of managers and the project team on the basic aspects and requirements of an ISMS
- Understanding the business and operations of the client
- Definition of the scope of the Information Security Management System
- GAP / readiness assessment; this assessment helps us understand the client's preparedness for implementing an ISMS and results in concrete steps for the implementation
- Definition of the corporate ISMS policy and of the roles and responsibilities of employees with regard to the ISMS
Phase 2: Setting the framework for the ISMS
- Identification of critical processes and activities
- Training of managers and the project team on risk management
- Conducting a risk assessment based on the T&P Risk Management Methodology
- Preparation of the risk treatment plan and selection of the corresponding controls
Phase 3: Establishing the ISMS
Establishing the ISMS:
- Training of project team members
- Group session to define the process goals and performance indicators and the documentation hierarchy
- ISMS development (development of core business procedures and supporting procedures, deployment and documentation of the ISMS manual)
- Approval of the ISMS manual and supporting documentation
Implementing the ISMS:
- Training of project team members
- Plan for implementation of the documented ISMS
- ISMS awareness training for all employees
Phase 4: Monitoring and control of the ISMS
- Training of the internal audit team on ISMS internal auditing
- Assistance in carrying out the internal audit
- Assistance in documenting corrective and preventive actions
- Assistance in conducting and documenting the management review meeting
- Measuring the effectiveness of corrective actions
- Preparation for the certification audit
Supporting activities (from start to end of the project)
- Project management (planning, monitoring, coordination and quality assurance)
- Project Management Office (a virtual collaborative space with reference documents, templates and additional materials, and communication tools: chat, e-mail, discussion forums)
3. Expected results
The results expected from the activities described above are:
R1 GAP/readiness assessment report
R2 ISMS policy and scope
R3 Asset inventory
R4 Risk assessment report
R5 Risk treatment plan
R6 ISMS manual
R7 Documented policies and procedures
R8 Plan for implementation of the documented system
R9 Training handouts
R10 Internal audit plan and report
R11 Management review meeting agenda and report
R12 Corrective and preventive action logs
R13 Pre-certification assessment report

There are also internal results, which are part of the T&P operating procedures and are built into this methodology:
IR1 Project Charter
IR2 Progress reports
IR3 Project closure report
IR4 Post-assignment satisfaction survey
6. Tools
- GAP assessment toolkit
- Risk assessment toolkit
- Information security management toolkit
- Workspace for project collaboration
Important note:
This methodology is used as a guide; the amount of work and the level of detail required for each step are left to the judgment of the project team and the decision of the project manager. The implementation project is not an objective in itself, it is merely a path to the real objectives: improved operations and business outcomes.