
ProcessLOGIX Consulting Pvt. Ltd.

Effective Business Solutions Consulting ● Technology ● Services


_________________________________________
ISO 27001 Frequently Asked Questions

What is ISO 27001?


ISO 27001 is an international standard published by the International
Organization for Standardization. The standard specifies the requirements
of an information security management system that an organization
can build and operate. An organization that wishes to do so can take these
requirements and build its own information security management
system (ISMS) on them. Additionally, the organization can approach a
certification agency to carry out an external audit of the implemented
ISMS in order to get certified.

What is ISMS?
An ISMS (information security management system) is a management
system that uses a systematic business-risk approach to establish,
implement, operate, monitor, review, maintain, and improve
information security. It is an organizational approach to information
security.

What is Information Security?


Information security is the protection of information to ensure:
• Confidentiality: ensuring that the information is accessible only
to those authorized to access it.
• Integrity: ensuring that the information is accurate and
complete and that the information is not modified without
authorization.
• Availability: ensuring that the information is accessible to
authorized users when required.
[Figure: the information security triangle, with Confidentiality, Integrity and Availability at its corners and Information at the centre.]
Information security is achieved by applying a suitable set of controls
(policies, processes, procedures, organizational structures, and
software and hardware functions).

_____________________________________________________________________
Corp Off: B93, Shyamlal Bhavan, Kantilal Compound, R.J. Road, Andheri (E), Mumbai – 400 093
Pune: 9, Priyanka, Sanewadi, Aundh, Pune – 411 007
Tel: +91-9923155209 / 9987094949 /9820430517 / 9967585311
Web: http://www.processlogixconsulting.com E-mail: info@processlogixconsulting.com
Why should we implement ISMS and get certified to ISO 27001?
If information assets are important to your business, you should
consider implementing an ISMS in order to protect those assets within a
sustainable framework.

If you implement an ISMS, you should consider joining the growing
number of organizations around the world that have already gone
through the process to be certified against the ISO/IEC 27001 standard.
A successful ISMS certification provides an assurance that an
independent team of evaluators has audited your information security
management system and certified your adherence to the international
standard. This can be a differentiating factor for your business. ISO/IEC
27001 continues to build a reputation for helping to model business
practices that enhance an organization’s ability to protect its
information assets.

How is an ISMS implemented?


The implementation process includes:
1. Define the scope of the ISMS - which processes, which departments
2. Gap analysis (best carried out by a third party)
3. Information classification
4. Risk assessment
5. Implementing the changes (controls) identified in the risk assessment
6. People training
7. Internal audit
8. Corrective and preventive actions
9. Management review
10. Certification
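Steps 3 to 5 above (information classification, risk assessment, and selecting the controls the assessment identifies) are the part of the process that most often goes wrong in practice because the scoring is left vague. The following is an added worked example, not code from the ProcessLOGIX FAQ: it classifies a small asset register by its highest CIA rating, scores each threat as impact multiplied by likelihood, applies the planned controls to get a residual risk, and flags anything above the organisation's risk appetite for treatment. The assets, threats, scoring scales, control names and risk appetite are all constructed for the example.

```python
"""Worked example of ISMS steps 3 to 5 (information classification, risk
assessment, and identifying controls): an added illustration, not part of the
ProcessLOGIX FAQ. The asset register, threats, scoring scales, control names
and risk appetite below are all constructed for this example."""

from dataclasses import dataclass, field

# Constructed classification scale for each CIA property: 1 = low, 2 = medium, 3 = high.
CIA_SCALE = {1: "low", 2: "medium", 3: "high"}


@dataclass
class Asset:
    name: str
    confidentiality: int
    integrity: int
    availability: int

    def classification(self) -> str:
        """Step 3: classify the asset by its highest CIA rating."""
        return CIA_SCALE[max(self.confidentiality, self.integrity, self.availability)]

    def impact(self, prop: str) -> int:
        """Impact if the named property (C, I or A) is lost."""
        return {"C": self.confidentiality, "I": self.integrity, "A": self.availability}[prop]


@dataclass
class Threat:
    asset: str
    name: str
    affects: str              # property threatened: "C", "I" or "A"
    likelihood: int           # 1 = rare, 2 = possible, 3 = likely
    # Planned controls as (name, likelihood reduction); these are the
    # "changes identified in the risk assessment" of step 5.
    controls: list = field(default_factory=list)


@dataclass
class Risk:
    asset: str
    threat: str
    inherent: int
    residual: int
    treatment: str


def inherent_risk(asset: Asset, threat: Threat) -> int:
    """Step 4: risk = impact x likelihood, on a 1..9 scale."""
    return asset.impact(threat.affects) * threat.likelihood


def residual_risk(asset: Asset, threat: Threat) -> int:
    """Risk remaining after the planned controls; each control lowers
    likelihood by its stated reduction, never below 1."""
    likelihood = threat.likelihood
    for _, reduction in threat.controls:
        likelihood = max(1, likelihood - reduction)
    return asset.impact(threat.affects) * likelihood


def assess(assets, threats, appetite: int):
    """Score every threat and decide treatment: anything whose residual
    risk exceeds the appetite needs further controls before certification."""
    by_name = {a.name: a for a in assets}
    risks = []
    for t in threats:
        a = by_name[t.asset]
        inh, res = inherent_risk(a, t), residual_risk(a, t)
        risks.append(Risk(a.name, t.name, inh, res, "treat" if res > appetite else "accept"))
    # Highest residual risk first, so the treatment plan starts at the top.
    return sorted(risks, key=lambda r: (-r.residual, r.asset))


# Constructed sample register (assumptions, not real data).
ASSETS = [
    Asset("customer database", confidentiality=3, integrity=3, availability=2),
    Asset("public website", confidentiality=1, integrity=2, availability=3),
    Asset("internal wiki", confidentiality=2, integrity=1, availability=1),
]
THREATS = [
    Threat("customer database", "unauthorised disclosure", "C", 2,
           controls=[("role-based access control", 1)]),
    Threat("customer database", "unauthorised modification", "I", 2,
           controls=[("change approval", 1), ("tested backups", 1)]),
    Threat("public website", "denial of service", "A", 3),
    Threat("internal wiki", "unauthorised disclosure", "C", 1),
]
RISK_APPETITE = 4   # accept residual risk of 4 or below


if __name__ == "__main__":
    for a in ASSETS:
        print(f"{a.name:18s} classification: {a.classification()}")
    for r in assess(ASSETS, THREATS, RISK_APPETITE):
        print(f"{r.asset:18s} {r.threat:26s} inherent={r.inherent} "
              f"residual={r.residual} -> {r.treatment}")
```

The output of `assess` is the treatment plan an auditor will ask for at the Stage 2 audit: the one risk above appetite (the website's availability, with no planned control) is the one that still needs a control before step 5 can be closed, while the others are accepted with a documented justification. The scales and the "likelihood reduction per control" are deliberately simple; what matters for the audit is that the same scale is applied to every asset and that the reasoning is recorded.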

What is the certification process?


The certification process includes:
1. Stage 1 audit: the Certification Body (CB) auditor examines the
pertinent documentation.
2. Taking action on the findings of the Stage 1 audit.
3. Stage 2 audit: the CB sends an audit team to examine your
implementation of the reviewed, documented ISMS.
4. Correction of audit findings and agreement on a surveillance
schedule.
5. Issuance of the certificate. (Depending on the CB this can take a few
weeks to several months.)
Following initial certification, the ISMS is subject to surveillance audits as
specified by the CB, and then requires re-certification after three years.

What are the benefits of a certified ISMS?
The benefits of a certified ISMS are numerous. The most commonly realized
benefits are:
• Increased security and reliability of information systems
• Enhancement of client confidence & perception of your
organisation
• Cost-effective and consistent information security practices
• A valuable framework for resolving security issues
• Enhancement of business partners’ confidence & perception of
your organisation
• Better contingency planning
• Reduced costs from consolidating and optimizing systems
• Improved management of risk
• Improved management control
• Better employee working environment
• Provides confidence that you have managed risk in your own
security implementation
• Enhancement of security awareness within an organisation
• Assists in the development of best practice
• Can often be a deciding differentiator between competing
organisations
