Certification Path


Your company may have an idea of the internal resources available and time frame desired to create a compliant Information Security Management System (ISMS), but where do you start? ISO17 streamlines the path to certification by automating the entire process. Using our powerful technology, comprehensive support program and tailored process, you can create a fully integrated ISMS that suits the exact needs of your company.

Before getting started on the path to certification, you'll meet with one of ISO17's expert consultants, who will help you plan your ISMS. Your consultant will be available to guide you and answer questions throughout the entire ISMS building process. The following are a few of the steps that will lead you down the path to compliance the ISO17 way:

Gap Analysis
Gain a clear picture of the areas and procedures for building a compliant ISMS through an analysis of your current procedures and the requirements that are yet to be met.

Project Planning
Work hand-in-hand with your consultant to customize your project. From building a timeline with action items, to key role assignments, you'll set the path for successful implementation.

Creating and agreeing the ISMS policy
Define your information security policy and scope for compliance and begin generating your company's ISMS procedures.

Conducting Risk Assessment
The next step is to assess the risks and threats to assets, the vulnerabilities, and the impacts on your organization and the information processing system. Courses of action should be determined by their relevance to the information security policy and by the degree of acceptable risk and assurance required.

Registrar Selection and Liaison
Decide which registrar best matches your company's needs based on cost, industry expertise, location and other personal requirements.

Selecting and implementing controls
You should determine which control objectives and controls are relevant for your information security management system. You need to justify which controls are relevant and which are not. Your justification will be stated in the Statement of Applicability. Complete the drafting and approval of all procedures and forms and begin retaining records according to the retention schedule.

Training
Plan and conduct awareness training, training in other job-specific skill sets, and technical training to ensure all employees are clear on the requirements of the ISMS and their specific roles and responsibilities.

Checking and Review
Put your ISMS into action by taking corrective and preventive actions, conducting internal information security audits and management review meetings, and testing the business continuity plans.

Registration Audit
Prepare for the registrar's visit with a pre-assessment audit to ensure your ISMS will pass the test of compliance.

Looking for more help? We offer a range of additional services to assist you with everything from guidance through the various stages of building a management system to maintaining compliance and everything in between.




© 2002, Vintara, All Rights Reserved