Secure your knowledge and information with a systematic approach
Most organisations now rely on information systems to support all of their critical business processes. This dependency has led to an evolving risk from electronic security threats such as hacking, data loss, breach of confidentiality and even terrorism. These increasingly sophisticated attacks can come from individuals, private organisations or even clandestine foreign intelligence agencies. When these attacks result in loss of information, theft of confidential data or damage to critical systems and documents, organisations can suffer severe consequences including financial repercussions and reputational risk.
What is ISO 27001?
ISO 27001 is the leading international standard for information security management. It covers commercial, governmental and not-for-profit organisations, and specifies the requirements for establishing, implementing, monitoring and improving an information security management system (ISMS).
Why is ISO 27001 important?
• This is our commitment to information security management for interested parties verified by BSI, a founding member of the International Organization for Standardization (ISO).
• It protects our business against information security threats and vulnerabilities.
• ISO 27001 is becoming a customer requirement in most countries.
• It therefore provides added value to the enterprise and its interested parties.
How can you prepare for ISO 27001?
Like many other management systems, ISO 27001 is based on the Plan-Do-Check-Act approach to quality improvement. You can prepare for the standard by undergoing training to learn more about it. Thought At Work offers a foundation course that provides an overview of the standard’s requirements. You will also learn what your organisation needs to do in order to ensure its continued compliance with the standard after initial certification.
Six steps to certification –
• Prepare a gap analysis to define the scope of the Information Security Management System.
• Perform an implementation plan.
• Prepare a pre-audit.
• Step-1 Audit with Thought At Work auditor.
• Step-2 Audit with Thought At Work auditor and close any non-conformance.
• Receive your audit report and certificate after approval by the committee and initiate annual surveillance audits.
Additional Information Security Services
• Penetration testing – Our experts make use of specialized technology to find vulnerabilities in your website or internal network and assess the impact of possible attacks before they happen. We provide you with a prioritized and validated list of threats requiring your attention.
• PCI-DSS and PA-DSS – We provide support for security requirements, especially for the payment card industry, which has different requirements depending on the card company (MasterCard, VISA, AMEX).