Development and implementation of an Information Security Management System
Since 2004 GlobalTrust has been preparing Russian companies for certification against the requirements of the British and international standards BS 7799/ISO 27001. We have unique experience in the areas of audit, risk assessment, implementation of security controls and preparation for certification against these international standards.
International Standard ISO 27001 has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS. The adoption of an ISMS should be a strategic decision for an organization. The design and implementation of an organization's ISMS is influenced by its needs and objectives, security requirements, the processes employed and the size and structure of the organization. These and their supporting systems are expected to change over time. It is expected that an ISMS implementation will be scaled in accordance with the needs of the organization, e.g. a simple situation requires a simple ISMS solution. This International Standard can be used to assess conformance by interested internal and external parties.
ISO 27001 adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's ISMS. An organization needs to identify and manage many activities in order to function effectively. Any activity using resources and managed in order to enable the transformation of inputs into outputs can be considered to be a process. Often the output from one process directly forms the input to the next process.
The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as a “process approach”. The process approach for information security management presented in ISO 27001 encourages its users to emphasize the importance of:
- understanding an organization’s information security requirements and the need to establish policy and objectives for information security;
- implementing and operating controls to manage an organization's information security risks in the context of the organization’s overall business risks;
- monitoring and reviewing the performance and effectiveness of the ISMS; and
- continual improvement based on objective measurement.
This International Standard adopts the "Plan-Do-Check-Act" (PDCA) model, which is applied to structure all ISMS processes. The ISMS takes as input the information security requirements and expectations of the interested parties and, through the necessary actions and processes, produces information security outcomes that meet those requirements and expectations.
The adoption of the PDCA model will also reflect the principles as set out in the OECD Guidelines governing the security of information systems and networks. ISO 27001 provides a robust model for implementing the principles in those guidelines governing risk assessment, security design and implementation, security management and reassessment.
GlobalTrust coordinates its ISMS development work and preparation for certification with the Russian branch of BSI, the global leader in this field.