ISO 27001 / ISMS

Astral adopts the ISO 17799:2005/ BS7799-1:2005 Information Technology Security Techniques Code of practice for information Security Management for the implementation of ISMS.

Astral can frame and help in implement ISMS policy and procedure for any organization and Help in for organizations to get certification under BS ISO/IEC 27001:2005/ BS 7799-2:2005 which is the certification standard for ISMS.

It consists of 11 security control clauses, 39 security categories and 133 security controls. This standard follows the PDCA model for ISMS processes.

The ISMS adopts the following stages to support organization emulate the standards and qualify for compliance and certification.

Plan (Establish the ISMS)
Establish ISMS policy, objectives, processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization's overall policies and objectives.

Do (Implement and operate the ISMS)
Implement and operate the ISMS policy, controls, processes and procedures.

Check (Monitor and review the ISMS)
Assess and where applicable, measure process performance against ISMS policy, objectives and practical experience and report the results to the management for review.

Act (Maintain and improve the ISMS)
Take corrective and preventive actions, based on the results of the internal ISMS audit and management review or other relevant information, to achieve continuous improvement of the ISMS

Astral's ISMS Implementation Services
  • Facilitating Risk Assessment
  • Facilitation for Prioritization of risks, selection of controls and risk mitigation
  • Implementation Support
  • Certification Support
  • Post Implementation / Certification Health Check
  • Information security policies
  • A comprehensive risk assessment report
  • Statement of applicability, describing which parts of the ISO/IEC 27001:20045 are relevant and applicable for the organization's ISMS.
  • Procedures adopted to implement the controls including responsibilities and relevant actions
  • Procedures covering the management and operation of the ISMS