In today’s competitive business environment, information is critical to the day-to-day operation, compliance and strategic planning of your business. As a vital business resource, its value means that it is constantly under threat from being deliberately or accidentally mis-used, damaged, lost or even stolen from individuals inside or outside the organisation.
As a result, organisations need to establish a comprehensive set of documented policies, processes and procedures to ensure the confidentiality, integrity and availability of business information. The majority of organisations already have a number of information security policies and controls however these tend to be fragmented and are often based on generic threats or past security incidents.
ISO 27001 (formerly BS7799) is recognised as the standard for information security management. It provides a framework to minimise the threats to Information and Communication Technology assets and the business. Other business benefits include:
- Demonstrating legal, regulatory and compliance with various standards such as the Data Protection Laws;
- Reducing the likelihood of fraud, high insurance premiums, data losses and fines;
- Providing assurance to clients, suppliers and Invitation-To-Tender(ITT) security requirements;
- Enhancing business reputation; and
- Maintaining a competitive advantage.
If you wish to:
- Introduce system and processes that allow for Intellectual Property (IP) to be protected, controlled, managed and easily reported on to help reduce risk
- Introduce an Information Security Management System (ISMS) that will allow you to independently maintain for future certification
- Understand the physical risks across your organisation and how these risks can be better managed
- Identify and successfully mitigate all technology gaps/vulnerabilities, through the appropriate use of technological, policy and procedural controls
- Ensure that your ISMS is optimally configured and can be easily operated through a process of audit and testing
PwC can help you
- Define the Scope
- Risk Assessment
- Gap Assessment
- Readiness Assessment
Define the Scope
The scoping of an ISO 27001 project is the fundamental part of any compliance or certification activity, whether it is your entire business or a specific unit, department or system(s).It is also important to define the needs and expectations of interested parties.
Risk Assessment
A risk assessment is completed to help the business understand the risks associated with confidentiality, integrity and availability for its assets and assess the threats against these, including the likelihood of their occurrence. In addition, a Risk Treatment Plan is produced to detail the security controls required to help mitigate against the identified threats, including which risks are reduced, accepted, avoided or transferred.
Gap Assessment
We perform a comprehensive assessment of your existing business processes and documentation before comparing them against those within the ISO 27001 standard. This helps you understand your current compliance position and the required corrective actions to comply with the standard.
Readiness Assessment
The readiness assessment helps you understand how your organisation would perform against the ISO27001 audit. It focuses on how the organisation is performing against ISO27001, assessing the control objectives, processes, procedures and verifying that appropriate plans are in place to maintain and continually improve the Information Security Management System (ISMS).
