HomeInformation Security Management System

Information Security Management System

Are you thinking about improving your information security posture? Have you been advised to do it by a smart customer to win or retain their business? Perhaps you are perplexed about jargon like ISMS &ISO 27001 and the options around compliance versus certification?

What is ISMS

An Information Security Management System describes and demonstrates your organization’s approach to managing sensitive information and assets. It encompasses people, policies, controls and systems that identify and address the opportunities and threats revolving around valuable information and related assets.

Control areas covered by ISMS standard

  • Preparation and review of Information Security policy
  • Organization of Information Security
  • Asset Management (Classification and Control)
  • Human Resource (Personnel) Security
  • Physical and Environmental Security
  • Operations Security
  • Communications Security
  • Access Control
  • Information systems acquisition, development and maintenance
  • Supplier Relationships
  • Information security incident management
  • Business continuity management
  • Compliance

Our Approach

  • ISMS Gap Analysis

The engagement is conducted on site by our lead implementer and includes on-site interviews with key stakeholders, a documentation review and a detailed report containing all the findings and recommendations of the auditor.

  • ISMS Implementation Support

Our in-house consulting team is on-hand to offer you support and guidance when implementing your ISMS to ensure it is the most efficient and robust process for your business.

  • ISMS Documentation Development Support

Having comprehensive policies and procedures are essential to maintaining your ISMS and protecting your organization but organizations can often struggle with the requirements and resources in creating this documentation. MSI’s ISMS consulting team can assist you in creating draft documentation to suit your organization. These policies are often focused on the IT gaps within the organization and are always tailor-made to suit your organization.

  • ISMS Training (Lead Implementer and Lead Auditor)

Our ISMS consultants offer full lead implementer and auditor training to allow you to maintain your ISMS after your certification.

  • Pre-Audit Review

Our team of consultant will  conduct a annual health check of overall ISMS and before every audit to ensure that the implemented ISMS is compliant with requirements and elimination of major non-conformities.

Our ISMS consultancy services help you:

  • Improve overall security posture to reduce the appetite for risk
  • Maintain compliance with regulatory requirements
  • Ensure that activities, assets and risks related to IT Security are recorded and auditable
  • Increase the level of security and awareness of best practices through continuous training