Hosted ISO 27001

ISO 27001: 2005 DATA SECURITY MANAGEMENT SYSTEM

Why use the Hosted Business Model?

We emphasise the Business rather than just the Security or IT part of ISO 27001. Instead of many Polices, Procedure and Work Instructions (one system, we converted had over 80 Work Instructions, which was completely unworkable). We concentrate on an integrated solution.

Note - ISO 27001 should not be dominated by IT requirements since it relates to all Company information. Nor should the controls and processes be dominated by only Security issues since the Standard relates to Risk Management associated to the:

Confidentiality, Availability and Integrity of Information

Improvements

An integral part of ISO 27001 is the requirement to Improve. For traditional systems, this can be a problem to define, integrate and maintain.

With the Hosted Business Model (based on the requirements of ISO 9001 tuned to your requirements) there are the following specific benefits:

• Integrated - clear Link between Company Strategy, Objectives, Action Plans and Processes, Performance Indicators and Responsibilities
• Action Plans - with User defined Planned and Actual Start, Progress tracking with % completion and Comment section, Planned and Actual Finish Dates
• Risk Management - Example Risk Registers and Information Assets can be added (initially from an Excel Spreadsheet) but later directly from the Internet Explorer or browser
• Measurable Objectives - Define your own Key Performance Indicators. Then add the actual results against your Targets so you can monitor your success
• Personal Responsibilities - allocate responsibility by linking persons with a Process Box, Action Plan, KPI etc
• References - Link the relevant part of your process to the appropriate clause of the ISO 27001
• Central Location for current documents & forms
• Immediate Availability of the latest documents & processes - Immediate Updating of the Model means no paper-chase updating Manuals and paper Procedures

The emphasis is on working, monitoring and improving your Business and Processes as well as making it simpler for your employees to be effective and committed (rather than Record keeping or Documentation paper-chase)

General Benefits of ISO 27001: 2005

1. Environmental Advantage
   ISO 27001 provides externally verified assurance that you are managing the information in your care (whether your own or others). You are assessing and managing the risk to business critical information which is increasingly important to the on-going success of Organisations.
2. Operational Efficiency
   ISO 27001 provides an integrated and systematic approach to document, control and monitor business information. By providing a clear structure of working processes and practices, there is a focus on continual improvement of working methods and the reduction of business risk.

The evidence is that implementation costs are an investment with the return of cost advantages and other improvements gained by better methods, improved productivity, reduction of waste and better management control. Achieving successful Assessment and Certification also assists in retaining existing Customers and in gaining new Customer.

Why ISO 27001?

• Improve Environmental Advantage and Effectiveness
• Achieve a business standard that is appreciated and often required by the Customer

Scope

Covers all the processes which affect the security of data handled by the Company, be it paper or electronic, in-house or in-transit, to the benefit of the Company & Customer.