ISO 27001:2005
 
ISO/IEC 27001 is a standard setting out the requirements for an information security management system (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties including an organization's customers.
 
The objective of the standard itself is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System."
 
We adopt a six-step consulting methodology to manage the ISO 27001 implementation.

Step I: Understanding Business Functions

The purpose of this phase is to provide the initial planning and preparation for the assignment. The steps in this phase help re-emphasize the project objectives and goals and plan the various focus/target areas to be considered during the assignment.
 
Step II: Data Acquisition

The purpose of this phase is to collect all relevant data pertaining to the scoped area. This is probably the most crucial phase, since it involves meeting the stakeholders and understanding their concerns, as well as the assets under their responsibility and the importance of these assets to their business function.
 
Step III: Risk Assessment

Performing a comprehensive Risk Assessment on the identified critical IT assets enables the selection of appropriate risk mitigation controls. The risk assessment methodology is a multi-fold activity comprising assigning values to the identified critical information assets, threat assessment, a Vulnerability Assessment & Penetration Testing exercise, and Gap Analysis.
 
Step IV: Prioritize

The purpose of this stage is to develop a risk mitigation strategy and plan to provide inputs to the selection of ISO 27001 compliant controls. The inputs from this stage will drive the development of the IT policy.
 
Step V: Design & Build

The purpose of this stage is to develop detailed and functional IT security policies and procedures for the client. The policy statements will be in line with ISO 27001 and will address the risk areas identified earlier (as per the risk mitigation and treatment plans).
 
Step VI: Action Plan

The main purpose of this stage is to provide the client with a Security Improvement Program which would help the client achieve continuous improvement as well as obtain ISO 27001 certification. The objective of this phase is to implement the security controls. This phase results in an implementation roadmap that the client can use to implement the ISO 27001 controls.

©2007 InfyCareer