ISO 27001 Information Security Management System
Data security is one of the top 10 risks that keep the C-suite worried. It is as much a people- and process-related risk as it is a technology risk. ECCI has been helping organisations manage their information security risk by implementing technology solutions as well as process improvement solutions in the form of best practices such as ISO 27001. Over 22000 organisations have been certified to this standard since the launch of its original version in 2005.
About ISO 27001
ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information security risks. The ISMS is an overarching management framework through which the organization identifies, analyzes and addresses its information security risks. The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities and business impacts - an important aspect in such a dynamic field, and a key advantage of ISO27k’s flexible risk-driven approach as compared to, say, PCI-DSS.
The standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profits), all sizes (from micro-businesses to huge multinationals), and all industries or markets (e.g. retail, banking, defense, healthcare, education and government). This is clearly a very wide brief.
Key Focus Areas / Domains
Key Services we offer:
Implementation of Service Management System
Consulting: Using the ISO 27001 standard and other risk management best practices / frameworks including OCTAVE, ECCI provides strong IT Security advisory services ranging from gap assessments and risk assessments to full-fledged management system implementation.
Training: ECCI prepares practitioners and auditors for information security management through Internal Auditor and Lead Auditor training, and through ISMS Practitioner and Risk Assessment workshops.
Implementation Toolkit: ECCI has developed a stand-alone ISMS implementation toolkit filled with templates and artifacts for organizations striving to implement information security.