Data Security Smart Plan
ISO 27001 Smart Plan – Showing the Way
Data Security Smart Plan is a compact consultancy and education package which delivers straightforward, pragmatic and effective guidance on planning and executing an ISO 27001/2 based Information Security Management System. It is approved by, and available via, HM Government’s Crown Commercial Service.
- Educates your senior team in advance by providing a scaled-down version of the implementation experience through a series of exercises, workshops and interviews.
- Anticipates the likely outcomes of the ISO 27001/2 Gap Analysis and Risk Assessment exercises, highlighting the principal areas of security weakness within your organisation.
- Advises on the likely security measures which will be required to mitigate those weaknesses and identifies the priority areas where you will need to focus resources.
- Provides a preview of the likely project outcome – how your Information Security Management System will look at project completion and the effect it will have on the daily operation of your organisation.
- Is delivered by experts who have had hands on responsibility for the practical implementation of ISO 27001/2 in operational environments.
“We found great value in Data Eliminate’s ISO 27001/2 Smart Plan. In a very short space of time, the different risks our organisation faces were identified and our main data security weaknesses exposed. The exercise opened our eyes. It showed us what will be required to improve our information security regime and how those changes should best be managed. The report will be central to the way in which we proceed.”
The Rising Need for ISO 27001 and Data Security
- All organisations need to protect valuable information assets, ‘big data’ and their reputation in the face of increasing cyber-attacks, computer fraud and media coverage.
- HM Government Departments like Business Innovation and Skills and the Ministry of Defence are specifying ISO 27001/2 as a prerequisite for contracts in order to improve data security in their supply chains. ISO 27001/2 is becoming a necessity for companies subcontracting to prime suppliers – especially SMEs, as they are viewed as the weakest link in the chain.
- The UK’s Information Commissioner’s Office (ICO) and the EU (through the European Data Protection Directive) are dramatically increasing the penalties for organisations who fail to protect personal information.
The Challenges Presented by ISO 27001/2
- ISO 27001/2 is a particularly large and complex standard to understand and implement. Implementing it is almost always a resource intensive and expensive exercise.
- The Standards suggest at a theoretical and technical level what information security measures might be taken in a large generic organisation without giving an indication of what will actually be required to suit the real world size and operational model of an individual business.
- It is difficult to know how implementation of ISO 27001 and its continuing use will affect the daily commercial operations of your organisation, and to what extent key business processes may be disrupted and require modification.
- Many information security experts find it hard to communicate in ways business people can readily understand. On top of this, ‘Gap Analyses’, ‘Statements of Applicability’ and other jargon can add to the mystery and confusion.
ISO 27001 Smart Plan Structure
Data Eliminate’s ISO 27001 Smart Plan is tailored to the needs of each client. It will normally comprise:
1. Introductory Session(s) – aimed at understanding your business processes, strategic objectives and current data security position
2. A Risk Exposure Workshop – for representatives of your Senior Staff
3. Information Security Interviews – based on the Risk Exposure Workshop
4. An Outline Assessment of your ISO 27001/2 Compliance Position featuring:
   - A list of Principal Risks faced by your Organisation
   - The Most Serious Vulnerabilities in your current information security structure
   - A set of Priority Actions which will determine the shape and course of your ISO 27001/2 roll out
   - The “Focus Areas” where most of the work will be required to secure compliance with the ISO 27001/2 standards
5. Answers to Key Questions such as:
   - Where do we start?
   - What are the scope, extent and duration of the project likely to be?
   - What are the principal pitfalls?
   - What are our main information security weaknesses?
   - What are we likely to have to do to mitigate them in line with the standard?
   - To what extent will our existing business processes have to change?
   - What are the risk assessments, statements of applicability etc. really like?
   - What tactics and approaches can be used to make the project smoother and easier?
   - How can we interpret the standards and deal with external auditors?
   - How can our resources be best used and our money best spent?
   - How will our organisation look when the implementation is complete?
What Clients Typically Need to Provide:
- A Basic Organisation Chart
- A summary overview of your IT infrastructure
- Between 2 and 5 of your senior staff for up to two days
- Co-operation and assistance from your Information Security Manager or Project Lead for up to 4 days.
Pricing and Contact Information
ISO 27001 Smart Plans are specially prepared in line with the needs of the client.
For further information contact:
Data Eliminate Ltd,
107 Fleet Street,
London, EC4A 2AB
Tel: 0345 1234 400