ISO/IEC 27001:2005 is a set of best practices to be followed in implementing and maintaining an Information Security Management System (ISMS).
What, really, is an ISMS?
An ISMS is a framework for managing an organization’s sensitive information in a manner that ensures and safeguards its confidentiality, integrity and availability. An ISMS is composed of the people, processes and technological components of the organization. This means that an ISMS extends beyond the purely technical components of information security, such as the use of anti-virus, patching systems, log management, etc., and incorporates components from the people and process dimensions of an organization. Against this backdrop, the role of a standard like ISO 27001 is clear: ISO 27001 provides guidance on the establishment and maintenance of an information security management system.
SISA provides professional consultancy services for ISO 27001 compliance. Our team of qualified ISO 27001 Lead Auditors has many years of experience in implementing ISMS and achieving certification for organizations across various verticals such as banking, retail, IT, manufacturing, etc.
SISA’s ISO 27001 service portfolio includes:
Risk assessment is one of the key requirements of ISO 27001 compliance. The ISO 27005 standard is considered one of the best risk assessment methodologies available today and is widely used by many organizations in achieving compliance – either with ISO 27001 or with other standards such as PCI, etc.
SISA Assistant, a formal risk assessment and compliance management tool from SISA, is used by more than 300 organizations in accomplishing their risk assessment objectives successfully. SMART-RA’s formal risk assessment is based on ISO 27005, OCTAVE and NIST.
The biggest benefit of SISA Assistant lies in the bundled risk assessment data that it comes with. Called Standard Data, this feature of the tool asks the user a few basic questions on his/her scope and then produces assets, threats, vulnerabilities and also risk mitigation strategies for the user’s unique scope.
Whatever your environment, you can be sure that SISA Assistant has the standard data for it. With the cross-integrated Compliance management module, you can link your risk assessments to respective requirements and reduce compliance effort.
Find out more about SISA Assistant.
SISA provides training services on effective information security risk assessments. Our workshops cover widely accepted risk assessment methodologies such as ISO 27005, OCTAVE, NIST, etc. Our trainers are some of the best in the world and have extensive industry experience of 15 to 20 years in risk assessment.
The CISRA workshops: