We help organizations in Bringing Improvement in their activities by IMPLEMETING suitable Management Systems. The approach in each case is briefly stated below:
Information Security Management System
Information Security is to control Access, Prevent Damage, to the information assets (H/W, S/W, Information, Services) and ensuring secure and smooth business approaches. Includes Protection of information at Logical, Physical and organizational levels. It is characterized by preservation of Confidentiality, Integrity and Availability of Information. It is achieved by implementing a set of controls, which could be policies, procedures, organizational structures, and software functions.
Information Security Protects information from a range of threats, Ensures Business Continuity, Minimizes Financial Loss, optimizes returns on Investments, Increases Business opportunities.
Information security is achieved by implementing a suitable set of controls, which include policies, practices, procedures, structures and functions. These controls need to be established to form the Information Security Management System (ISMS) which serve to ensure that the specific security objectives of the University are met.
Awareness and Implementation
This training provides in addition to an overview of the requirements of the standard, clause wise interpretation to appreciate the actual requirements. At the end of the training a clear picture emerges to plan for implementation considering all the relevant factors.
The training on documentation is primarily to give the inputs to identify the various documents and the method of structuring the documentation with all requisite details facilitating implementation. The detailing of documentation being the important aspect of the system, this training provides all necessary inputs for effective documentation.
The two-day training is to provide all inputs regarding the internal auditing techniques and to effectively report the audit findings with a view to enhance the effectiveness of the system. The ISO 19011 shall be the base for this Auditor Training.
The Steps involved are:
- Assemble a team and Plan your Strategy,
- Review Consultancy Options,
- Undertake a Risk Assessment,
- Develop a Security Policy Document,
- Develop Supporting Literature – Procedures,
- Implement your Information Security Management System,
- Carry-out Internal Audit,
- Gain Registration,
- Choose a Registrar – Certifying Body get the certificate,
Continual Assessment and IMPROVEMENT