reducing risk
1 Management commitment and support
2 Develop a plan
Success is all the more likely if you develop a meaningful and realistic plan, measure performance against that plan and are then prepared to change it in the event of unforeseen circumstances.
your stakeholders
4 Management processes
These processes, and top management's understanding of them, are critical to the effective implementation of your ISMS:
Having a clear understanding of your market, stakeholders, risks, objectives and strategy will help you define and understand your context, whilst helping to drive your ISMS and the ethos of continual improvement.
Adequate resources (people, equipment, time and money) should be allocated to the development, implementation and monitoring of your ISMS.
Internal audit verifies that your management system is operating as intended and identifies system non-conformities and any opportunities for improvement.
Management review provides the opportunity for top management to assess how well your management system is operating and supporting the business.
Make sure you have correctly trained and competent individuals within your organisation.
5 Define scope
It is essential that the logical and geographical scope of your ISMS is accurately defined so that the boundaries of your information security management system and security responsibilities can be identified.
6 ISMS policy
Define your ISMS policy in terms of the characteristics of the business, the organisation, its location, assets and technology.
management
8 Risk treatment
The risk assessment identifies risk levels which are then compared to the acceptable level of risk determined by your organisation's security policy. Once they have been determined, implement controls to mitigate these risks.
9 Gap analysis
This assessor-delivered activity offers the opportunity to focus on critical, high-risk or weak areas of your system in order to create a certifiable system. It can also look at how existing management systems or procedures can be used within your chosen standard.
10 Certification
Certification is an external assessment of your information security management system to ensure that it meets the requirements of ISO 27001. It is typically a two-stage process consisting of a system appraisal and an initial assessment, the duration of which is dependent on the size, complexity and nature of your organisation.
About us
Ever tougher stakeholder demands, changing business conditions and increased competition mean you need better operational control, performance and risk management.
To help you, we continue to enhance our services. We don't just verify against the requirements of a standard, but go even further.
Our field-based business development managers tailor our certification, validation, verification and training services to better meet your needs, giving added value beyond the traditional assessment process.
Our expertise
Your choice of certification body says a lot to your customers about how seriously you take your information security management system (ISMS). You need to choose a certification body that can help you develop your management system to realise its full potential.
LRQA has been at the forefront of standards development and involved in ISMS assessment and certification for a number of years. We have high-profile clients in the finance, telecommunications, software, internet, consultancy, justice and government sectors. They trust us to deliver high quality, consistent and impartial assessments with the full backup of a highly dedicated support package.
Our services
Training
Whether you are in the early stages of setting up an ISMS or looking to improve what you have, we have a course to suit. Our public courses are held throughout the UK and give you the added benefit of sharing experiences with other delegates. We can also deliver any of our standard published courses in-house or tailor an event to meet your specific needs.
More from: www.lrqa.co.uk/training
Optional gap analysis
This assessor-delivered activity offers the opportunity to focus on critical, high-risk or weak areas of your system in order to create a certifiable system. It can also look at how existing management systems or procedures can be used within your chosen standard.
www.lrqa.co.uk/iso-27001
LRQA, 1 Trinity Park, Bickenhill Lane, Birmingham, B37 7ES, United Kingdom
Care is taken to ensure that all information provided is accurate and up to date. However, LRQA accepts no responsibility for inaccuracies in, or changes to, information. Lloyd's Register and variants of it are trading names of Lloyd's Register Group Limited, its subsidiaries and affiliates.
Lloyd's Register Quality Assurance Limited 2016. A member of the Lloyd's Register group. Pub March 2016