How to make implementation of ISO 27001 easier by using ISO 9001

Many companies that have implemented ISO 9001 look towards ISO 27001 implementation without knowing that they can actually reduce the implementation time by 30%. ISO 27001 and ISO 9001 may seem like quite different standards, but when you take a closer look at both, you can find a lot of similarities: they share the same Plan-Do-Check-Act (PDCA) cycle, four mandatory procedures are the same (internal audit, document control, corrective action and preventive action), the role of management is very similar, etc.

ISO 9001:
· applies to the processes that create and control the products and services an organisation supplies
· prescribes systematic control of activities to ensure that the needs and expectations of customers are met
· is designed and intended to apply to virtually any product or service, made by any process anywhere in the world
· Identify the requirements of ISO 9001 and how they apply to the business involved.
· Establish quality objectives and how they fit into the operation of the business.
· Produce a documented quality policy indicating how these requirements are satisfied.
· Communicate them throughout the organisation.
· Evaluate the quality policy and its stated objectives, then prioritise requirements to ensure they are met.
· Identify the boundaries of the management system and produce documented procedures as required.
· Ensure these procedures are suitable and adhered to.
· Once developed, internal audits are needed to ensure the system carries on working.
ISO 27001 specifies the management of information security. Applicable to all sectors of industry and commerce, it is not confined just to information held on electronic systems, but addresses the security of information in whatever form it is held.
· Customers, employees, trading partners and stakeholders are comforted in the knowledge that your management information and systems are secure.
· Demonstrates credibility and trust.
· Cost savings - even a single information security breach can involve significant expense.
· Establishes that relevant laws and regulations are being adhered to.
· Shows that a commitment to information security exists at all levels throughout an organization.
· Confidentiality - ensuring that access to information is appropriately authorized
· Integrity - safeguarding the accuracy and completeness of information and processing methods
· Availability - ensuring that authorized users have access to information when they need it
· Security policy
· Organizational security
· Asset classification and control
· Personnel security
· Physical and environmental security
· Communications and operations management
· Access control
· System development and maintenance
· Business continuity management
· Compliance
By implementing a management system within a legislative and regulatory framework such as ISO 9001, organizations can demonstrate compliance and reduce exposure to risk. In addition, by extending an existing quality management system (QMS) to encompass the requirements of an information security management system (ISMS), organizations can enhance their compliance and achieve improvement throughout the organization: the extended system lets them comply with an increasing number of legal and regulatory requirements and enables the adoption of an integrated approach to compliance management.