ISO27001 - Information Security Management Systems

In today’s competitive business environment, information is critical to the day-to-day operation, compliance and strategic planning of your business. As a vital business resource, its value means that it is constantly under threat of being deliberately or accidentally misused, damaged, lost or even stolen by individuals inside or outside the organisation.

As a result, organisations need to establish a comprehensive set of documented policies, processes and procedures to ensure the confidentiality, integrity and availability of business information. The majority of organisations already have a number of information security policies and controls; however, these tend to be fragmented and are often based on generic threats or past security incidents.

ISO 27001 (formerly BS7799) is recognised as the standard for information security management. It provides a framework to minimise the threats to Information and Communication Technology assets and the business. Other business benefits include:

  • Demonstrating legal and regulatory compliance with various standards such as the Data Protection Laws;
  • Reducing the likelihood of fraud, high insurance premiums, data losses and fines;
  • Providing assurance to clients, suppliers and Invitation-To-Tender (ITT) security requirements;
  • Enhancing business reputation; and
  • Maintaining a competitive advantage.

If you wish to:

  • Introduce systems and processes that allow Intellectual Property (IP) to be protected, controlled, managed and easily reported on, to help reduce risk
  • Introduce an Information Security Management System (ISMS) that you can maintain independently for future certification
  • Understand the physical risks across your organisation and how these risks can be better managed
  • Identify and successfully mitigate all technology gaps/vulnerabilities, through the appropriate use of technological, policy and procedural controls
  • Ensure that your ISMS is optimally configured and can be easily operated through a process of audit and testing

Then PwC can help you

At PwC we offer a phased approach to help with your ISO27001 project based on the Plan, Do, Check and Act framework. We will work alongside your organisation to assist you in:

  • Implementing an ISMS that will enable you to easily report the current state of security surrounding business critical systems and process issues
  • Completing a risk assessment to help you understand the threats to your assets and the likelihood of their occurrence
  • Producing a Risk Treatment Plan detailing the security controls required to mitigate the identified threats, including which risks are reduced, accepted, avoided or transferred
  • Performing a comprehensive assessment of your existing business processes and documentation and subsequently comparing them against the ISO 27001 standard. This will help you in understanding your current compliance position and the required corrective actions to comply with the standard
  • Performing a readiness assessment to understand how your organisation would perform against the ISO 27001 audit.