Consultancy expertise for ISO design and implementation

1 Consultancy expertise for ISO 27001 design and implementation
The Albanian experience
CIS Information Security Forum, 15 October 2014, Hotel Tirana International
MSc. Eng. Besmir Zanaj, TMC - Training Management Consulting

2 Besmir Zanaj
- MSc in Telecommunication Engineering
- Working in the IT sector for 7+ years
- Information security consultant for 3+ years
- Helping big and small businesses

3 Contents
- TMC - Training Management Consulting
- Information Security Management System (ISMS)
- Benefits of ISO 27001
- The ISO/IEC 27001:2013 Certification Process
- Biggest challenges in ISO implementation
- Challenges in Albanian companies
- The main mistakes in security implementation
- The consultancy process

4 Training Management Consulting
TMC is a center where professional experts produce synergy by interconnecting their knowledge and experience to build Excellence for Clients, together with the Clients.
TMC's experienced consultants will support you in:
- Quality Management Systems (ISO 9001)
- Environmental and Health Safety Management (ISO & OHSAS 18001)
- IT Service Management (ISO 20000)
- Information Security Management (ISO 27001) - today's speech
- Food Safety Management (ISO 22000)
- Testing Laboratories (ISO 17025)
More than 8 years of experience in the Albanian market with over 100 projects; over 10 staff and partners.
Projects certified by: CIS, Quality Austria, TUV Nord, TUV Rheinland, Lloyd's Register, EQA, Eurocert etc.
Strategic partners: QPLAN-INE Ltd, TU Berlin (Germany), ICG (Austria), IBK (Germany)

5 Information Security Management System (ISMS)
ISO 27001:2013 provides requirements for:
- Establishing
- Implementing
- Maintaining
- Continually improving
an Information Security Management System.

6 Information Security Management System (ISMS)
- The adoption of an information security management system is a strategic decision for an organization.
- The standard covers all types of organizations, and all industries/segments.
- The ISMS preserves the Confidentiality, Integrity and Availability of information by applying a Risk Management process.

7 Benefits of ISO 27001 Compliance
- Marketing value and more business partners (e.g. datacenters)
- Lowering the expenses
- Optimizing business processes

8 The ISO/IEC 27001:2013 Certification Process
Phase I: Before External Audit
- Implementation of ISMS
- Conduct Internal Audit
- Selection of a Certification body
Phase II: External Audit
- Stage 1 Audit
- Stage 2 Audit
Phase III: Following the audit
- Confirmation of Registration -> Certification
- Continual improvement and Surveillance audits (every year)

9 Biggest challenges in ISO 27001 implementation
- Culture of a company / resistance to change
- Risk assessment and treatment
- Scope of effort (time and resources) for a small company
- Choosing the right consulting company for implementation assistance
- Top management commitment for the duration of the project

10 Challenges in Albanian companies
- Management commitment is present but not delegated properly to employees
- Generally the project is delegated to IT Managers, not Information Security Managers
- The project manager is not certified or trained in information security
- Other important departments (Legal, HR) are not involved from the beginning of the project
- Companies should market the achievement!

11 The main mistakes in security implementation
- Information security is not all about IT: the whole company should be involved
- Information Security implementation needs time - plan for it!
- Information Security implementation needs people - hire/train them!
- The standard implementation leaves behind processes, not documentation.
- "Seems too difficult, don't start it this year…"

12 The consultancy process
- Gap analysis
- Offering
- Time required for a successful implementation
- ISO implementation costs
- Implementation Approach
- 16 steps towards certification

13 The consultancy process: Gap Analysis
- A full-scale snapshot of the company status
- Free analysis for our clients
- Identify all gaps and needed effort
- Create a consultancy offer with minimum costs
- Added value: the company can begin working on information security by just having this analysis

14 The consultancy process: Offering
- Set up the implementation program and schedule
- Identification of all efforts by the consultant
- Identification of all efforts by the client
- Best offer, consisting of the real effort in working hours.

15 The consultancy process: Time required for implementation
- Smaller organizations (up to 100 employees): up to 8 months
- Medium-sized organizations (100 to 300 employees): 8 to 12 months
- Larger organizations (more than 300 employees): 12+ months

16 The consultancy process: ISO 27001 implementation costs
Cost structure:
- Direct costs of acquiring knowledge
- Cost of new technology
- Certification body
- Employees' time

17 The consultancy process: Implementation Approach
- With own employees only: you have all the needed resources
- Combination of employees and external help: you need additional help
- Consultant does it all! We do everything for you

18 The consultancy process: 16 steps towards certification
Step (output):
1. Management support (Budget, HR plan)
2. Establishing the project (Project plan)
3. Identify requirements (List of interested parties)
4. Scope & management intention (ISMS scope, Policy, objectives)

19 The consultancy process: 16 steps towards certification
5. Risk process (ISMS scope, Policy, objectives)
6. Scope & management intention (Risk assessment methodology)
7. Risk assessment and treatment (Risk assessment report)
8. Which controls to implement (Statement of Applicability)

20 The consultancy process: 16 steps towards certification
9. Who will implement controls, deadlines (Risk treatment plan)
10. Define how to measure the effectiveness (Measurement methodology)
11. Implement controls & support procedures (Documentation)
12. Implement training & awareness programs (Records)

21 The consultancy process: 16 steps towards certification
13. Operate the ISMS (Records)
14. Monitor the ISMS (Internal Audit, Corrective Actions)
15. Management Review (Minutes of meeting)
16. Improvements (Corrective & preventive actions)

22 Conclusions
- If set up properly, ISO 27001 can resolve more issues in your organization than you expected.
- Discuss with local consultants the benefits you could achieve!

23 THANK YOU

