Astral Consulting Pvt Ltd
INFORMATION SECURITY MANAGEMENT SYSTEM

“Rising up to standards not only helps an organization fine tune its capabilities but helps the market adjudge and relate to them better. It is an undisputed fact that information is a key asset and organization must guard this asset from the incessant flow of threats and security breaches that the business environment has been challenged continually.”

Considering the increase in vulnerabilities, every organization should ensure that their information systems are attuned for the following:



Confidentiality:
Ensuring that information is accessible only to those authorized to have access.

Integrity:
Safeguarding the accuracy and completeness of information and processing methods.

Availability:
Ensuring that authorized users have access to information and associated assets when required.

An Information Security Management System (ISMS) is a management system to establish policy and objectives for information security within the context of the organization’s overall business risk.

Astral adopts ISO 17799:2005 / BS7799-1:2005, the Information Technology Security Techniques code of practice for information security management, for the implementation of ISMS. Further, an organization can opt for certification under BS ISO/IEC 27001:2005 / BS 7799-2:2005, which is the certification standard for ISMS. It consists of 11 security control clauses, 39 security categories and 133 security controls. This standard follows the PDCA model for ISMS processes.

Means Methods and Outcome:
The ISMS adopts the following stages to help an organization emulate the standards and qualify for compliance and certification.

Plan (Establish the ISMS)
Establish ISMS policy, objectives, processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization’s overall policies and objectives.

Do (Implement and operate the ISMS)
Implement and operate the ISMS policy, controls, processes and procedures.

Check (Monitor and review the ISMS)
Assess and, where applicable, measure process performance against ISMS policy, objectives and practical experience and report the results to the management for review.

Act (Maintain and improve the ISMS)
Take corrective and preventive actions, based on the results of the internal ISMS audit and management review or other relevant information, to achieve continuous improvement of the ISMS.

Astral’s ISMS Implementation Services

  • Facilitating risk assessment
  • Facilitating prioritization of risks, selection of controls and risk mitigation
  • Implementation support
  • Certification Support
  • Post Implementation/Certification Health Check

Deliverables:

  • Information Security Policies
  • A Comprehensive risk assessment report
  • Statement of applicability, describing which parts of the ISO/IEC 27001:2005 are relevant and applicable for the organization’s ISMS.
  • Procedures adopted to implement the controls including responsibilities and relevant actions.
  • Procedures covering the management and operation of the ISMS.
BENEFITS:
Organizations can expect extensive benefits from implementing an ISMS. Some of these benefits include:
  • Business Continuity Plan.
  • Improved understanding of business processes.
  • Reducing security breaches and/or claims.
  • Nullifying adverse publicity by protecting the organization’s integrity from being compromised by ill-intended parties.
  • Identifying critical assets via business risk assessment.
  • Ensure that “knowledge capital” is “stored” in a business management system.
  • Provide a structure for continuous improvement.
  • Enhance the knowledge and importance of security related issues at the management level.
  • Minimizes risks and losses.
  • Compliance to rules, legislation, company standards and practices.