  ISO/IEC 27001:2005/ISO/IEC 27001:2005
The final version of ISO/IEC 27001:2005, the international information security standard, was released on October 15, 2005. Upon release, ISO/IEC 27001:2005 supersedes BS 7799-2:2002 for certification requirements. This new version has been under development since 2000 and introduces a number of important changes, making it the most widely accepted information security standard in the world.

As the trend in information security continues to change from technical security controls to a greater concern for overall business risk management, ISO 27001 will grow in worldwide acceptance as the recognized standard to guide businesses in the establishment of an acceptable level of risk tolerance and to successfully manage and mitigate risk in an interconnected eBusiness environment.

ISO 27001 is a code of practice for Information Security Management Systems (ISMS) developed by industry for industry. An ISMS is the means by which Senior Management monitors and controls their security, minimizing the residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements. ISO/IEC 27001:2005 provides 133 information security controls under 11 domains and enables users to identify the controls appropriate to their particular business. ISO 27001 provides a comprehensive framework to guide and focus your efforts in building an ISMS. The standard provides guidance on security policy, staff security awareness, business continuity planning and legal requirements. ISO/IEC 27001:2005 is the Specification used for the Certification of an Information Security Management System.

WHAT ARE THE BENEFITS?
ISO/IEC 27001:2005 and ISO/IEC 27001:2005 provide organizations with the assurance of knowing that they are protecting their information assets using criteria in harmonization with an internationally recognized standard. As laws and regulations continue to change, ISO/IEC 27001:2005 incorporates a requirement for identifying which laws are relevant to your operation and assures that you have addressed compliance. Benefits are applicable to organizations of all sizes and all ISMS maturity levels, not only large enterprises. ISMS certification can provide many benefits:

- Provides a framework for resolving security issues
- Provides policies & procedures in accordance with internationally recognized criteria, structure and methodology
- Enhances client confidence & perception of your organization
- Enhances business partners' confidence & perception of your organization
- Provides confidence that you have minimized risk in your own security program
- Can be a deciding differentiator in contract negotiations
- Enhances security awareness within an organization
- Assists in the development of best practice
- A defined process for implementation, management, maintenance and ISMS evaluation
- Assured continued due diligence to maintain certification through bi-annual surveillance visits
- Evaluations conducted by certified, impartial and monitored assessors using an accredited methodology
- A performance yardstick to harmonized criteria resulting in mutual recognition
- Increased security delivers lower costs: fraud, inefficiency and errors should be reduced
- Reduced insurance premiums
- Compliance advantages for participation in Global business opportunities
- Assures attention to regulation and legislation compliance


WHY CHOOSE C&H FOR YOUR CONSULTING NEEDS?
C&H recognizes that many organizations have made significant investments to implement policies and systems supporting quality, security, privacy and compliance requirements. An integral part of our methodology evaluates the value of policy and systems in place to make full use of any existing knowledge or best practice with a view to expedite ISMS implementation. C&H offers the advantage of protecting your existing investment as well as the shortest possible ISMS implementation schedule.

We are dedicated to providing risk mitigation solutions to our clients. ISO/IEC 27001:2005 and ISO/IEC 27001:2005 are at the heart of our ISMS assessment business. C&H has been selected by the British Standards Institute (BSI) to perform pre-certification consulting services, audits and support for organizations seeking certification. We have developed an expert-level understanding of the Standard and know how to design, manage and guide implementation plans to achieve compliance, leading to certification if desired, in a professional and pragmatic manner. Every opportunity to incorporate existing systems, controls and procedures into the customized compliance plan for your organization will be maximized.

Our consultants have been professionally trained by BSI and, in combination with their extensive experience in business management, finance, IT operations, information security and best practice, are well qualified to assist your organization. We have significant experience in diverse industries, including Pharmaceutical, Banking, Defense, Technology, Professional Services, and Healthcare. Each of our consultants has extensive training and experience in leading organizations through the ISO/IEC 27001:2005 compliance and certification process.

SERVICES
The first step in establishing an Information Security Management System is to identify the areas of your business which are most at risk, or would produce the most gain from implementation. This effort identifies the Scope of your ISMS. Second, C&H will take measure of any existing elements of an ISMS already in place to speed compliance implementation. C&H services offered include:


- Provide a Free ISO 27001 Management Presentation
- ISMS Scope Definition
- Performing an assessment of your existing ISMS
- Conducting a "Gap" analysis of your ISMS with the Standard
- Management & Employee Training
- Development of Security Policies
- Statement of Applicability
- ISMS Manual Development
- Business Continuity Planning
- Development of Controls and Procedures
- ISMS Audits
- Project Management from Design through Implementation
- Pre-certification Audits and support
- Post Certification Audits Corrective Action Support



Site Contents © 1999 - 2008 Churchill & Harriman All Rights Reserved