Consultancy expertise for ISO design and implementation

Presentation transcript:

Consultancy expertise for ISO 27001 design and implementation
The Albanian experience
CIS Forumi i Sigurisë së Informacionit (CIS Information Security Forum), 15 October 2014, Hotel Tirana International
MSc. Eng. Besmir Zanaj, TMC - Training Management Consulting

Besmir Zanaj
MSc in Telecommunication Engineering
Working in the IT sector for 7+ years
Information security consultant for 3+ years
Helping big and small businesses

Contents
TMC - Training Management Consulting
Information Security Management System (ISMS)
Benefits of ISO 27001
The ISO/IEC 27001:2013 certification process
Biggest challenges in ISO 27001 implementation
Challenges in Albanian companies
The main mistakes in security implementation
The consultancy process

Training Management Consulting
TMC - a center where professional experts produce synergy through the interconnection of their knowledge and experience, to build excellence for clients together with the clients.
The experienced TMC consultants will support you in:
Quality Management Systems (ISO 9001)
Environmental and Health & Safety Management (ISO 14001 & OHSAS 18001)
IT Service Management (ISO 20000)
Information Security Management (ISO 27001) - today's speech
Food Safety Management (ISO 22000)
Testing Laboratories (ISO 17025)
More than 8 years of experience in the Albanian market, with over 100 projects
Over 10 staff & partners
Projects certified by: CIS, Quality Austria, TUV Nord, TUV Rheinland, Lloyd's Register, EQA, Eurocert etc.
Strategic partners: QPLAN-INE Ltd, TU Berlin (Germany), ICG (Austria), IBK (Germany)

Information Security Management System (ISMS)
ISO 27001:2013 provides the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System.

Information Security Management System (ISMS)
The adoption of an information security management system is a strategic decision for an organization.
The standard covers all types of organizations, and all industries/segments.
The ISMS preserves the Confidentiality, Integrity and Availability of information by applying a risk management process.

Benefits of ISO 27001
Compliance
Marketing value and more business partners (e.g. datacenters)
Lowering the expenses
Optimizing business processes

The ISO/IEC 27001:2013 certification process
Phase I: Before the external audit
Implementation of the ISMS
Conduct an internal audit
Selection of a certification body
Phase II: External audit
Stage 1 audit
Stage 2 audit
Phase III: Following the audit
Confirmation of registration -> certification
Continual improvement and surveillance audits (every year)

Biggest challenges in ISO 27001 implementation
Culture of a company / resistance to change
Risk assessment and treatment
Scope of effort (time and resources) for a small company
Choosing the right consulting company for implementation assistance
Top management commitment for the duration of the project

Challenges in Albanian companies
Management commitment is present, but is not delegated properly to employees
Generally the project is delegated to IT managers, not information security managers
The project manager is not certified or trained in information security
Other important departments (Legal, HR) are not involved from the beginning of the project
Companies should market the achievement!

The main mistakes in security implementation
Information security is not all about IT: the whole company should be involved
Information security implementation needs time - plan for it!
Information security implementation needs people - hire/train them!
Implementing the standard leaves behind processes, not documentation.
"Seems too difficult, don't start it this year..."

The consultancy process
Gap analysis
Offering
Time required for a successful implementation
ISO 27001 implementation costs
Implementation approach
16 steps towards certification

The consultancy process: gap analysis
A full-scale snapshot of the company's status
Free analysis for our clients
Identify all gaps and the needed effort
Create a consultancy offer with minimum costs
Added value: the company can begin working on information security just by having this analysis

The consultancy process: offering
Set up the implementation program and schedule
Identification of all efforts by the consultant
Identification of all efforts by the client
The best offer is based on the real working hours of effort.

The consultancy process: time required for implementation
Smaller organizations (up to 100 employees): up to 8 months
Medium-sized organizations (100 to 300 employees): 8 to 12 months
Larger organizations (more than 300 employees): 12+ months

The consultancy process: ISO 27001 implementation costs
Cost structure:
Direct costs of acquiring knowledge
Cost of new technology
Certification body
Employees' time

The consultancy process: implementation approach
With own employees only: you have all the needed resources
Combination of employees and external help: you need additional help
The consultant does it all: we do everything for you

The consultancy process: 16 steps towards certification (step: resulting document)
1. Management support: Budget, HR plan
2. Establishing the project: Project plan
3. Identify requirements: List of interested parties
4. Scope & management intention: ISMS scope, Policy, objectives

5. Risk process: ISMS scope, Policy, objectives
6. Scope & management intention: Risk assessment methodology
7. Risk assessment and treatment: Risk assessment report
8. Which controls to implement: Statement of Applicability

9. Who will implement controls, deadlines: Risk treatment plan
10. Define how to measure the effectiveness: Measurement methodology
11. Implement controls & support procedures: Documentation
12. Implement training & awareness programs: Records

13. Operate the ISMS: Records
14. Monitor the ISMS: Internal audit, corrective actions
15. Management review: Minutes of meeting
16. Improvements: Corrective & preventive actions

Conclusions
If set up properly, ISO 27001 can resolve more issues in your organization than you have expected.
Discuss with local consultants the benefits you could achieve!

THANK YOU