Having a systematic approach to information security is the key to its success in any kind of an organization. A systematic approach- which your auditors use, helps to anticipate threats to your organization’s information assets, and develop plans to mitigate them. The best policy to follow in such a case is to adopt internationally accepted best practices instead of “reinventing the wheel.” ISO 27001 is the most universally accepted standard for Information Security the world over.

ISO/IEC 27001 is the only audit-able international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls based on the risks the organization is exposed to.

This helps implementing organizations to protect your information assets by eliminating vulnerabilities. It gives confidence to any interested parties, especially your customers. It is great tool for the identification of and compliance with applicable regulations. The ISO standard 27001 brings consistency in the entire organization’s approach to information security making it highly manageable, whatever be the scale of operations. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the ISMS.

Amandata XecurePASS services provide assistance in the implementation of ISO 27001 framework. With a team of experienced information security professionals who are also ISO 27001 certified Lead Implementers and Auditors, we have an in depth understanding of the standard. Our implementation strategy is based on a phased approach:

• Phase 1: Gap Analysis — Amandata security professionals will conduct an analysis of gaps in your current system against the requirements of ISO 27001 including a physical security review. The observations will be compiled into a report defining your level of compliance and will be used to consolidate the risk treatment plan for the compilation of the Control Implementation Strategy.
• Phase 2: Risk Assessment — This is the most crucial phase of the implementation, wherein an asset register containing all the information assets of the organization is built. This involves meetings and discussions with the key stake holders of your organization. A comprehensive risk assessment is then conducted on the critical information assets, based on which appropriate controls to mitigate the identified risks are selected.
• Phase 3: Risk Treatment — During this phase Amandata will formulate a strategy for the implementation of the controls selected in the previous phase. Also during this phase all the documentation pertaining to the ISMS will be developed. This will include the formulation of Information Security Policies & various procedures supporting the policies. The policies and procedures address the risks identified during the risk assessment phase.
• Phase 4: Control Implementation — The implementation roadmap, which is the outcome of the previous phase will guide your organization’s team in the implementation of the identified controls. During this phase Amandata consultants will advise and guide the implementation team.
• Phase 5: ISMS Readiness Review — This phase will review the readiness of the client to achieve ISO 27001 certification. Amandata will guide and prepare the client’s audit team to conduct internal audits. The audit results will be evaluated and gaps, if found will be closed by your implementation team with guidance from Amandata consultants.
• Phase 6: Certification audit — Finally, you will face the certification body’s team of auditors. Amandata consultants will hand hold your team during the audit. We will assist you in the closure of any Non Conformities or observations noted by the external auditors and help you in achieving the ISO 27001 certification.

During consultancy and upon completion of the certification, a detailed report is sent to the client, including the following:

• GAP Analysis Report: Summary of the GAP Analysis , as well as as recommendation of the finding to meet ISO 27001.
• Policy & Procedures: A standard Policy & Procedure that require by ISO 27001 including supporting document, such as forms, reports, etc.
• Conclusion & Recommendations: This section provides final recommendations and summary of the issues found during certification process.