ISO 27001 Consulting

What is ISO 27001?

ISO 27001 was published by the International Organization for Standardization (ISO) on 15 October 2005. Essentially, ISO/IEC 27001 defines an Information Security Management System (ISMS) and complements the ISO/IEC 17799 'code of practice' standard, itself first published as BS 7799-1. The two standards are closely aligned and related, but perform distinctive roles.

ISO/IEC 27001 is a standard setting out the requirements for an information security management system (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties including an organization's customers. It is suitable for several different types of organizational use, including the following:

• Formulation of security requirements and objectives;
• To ensure that security risks are cost effectively managed;
• To ensure compliance with laws and regulations;
• As a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
• Identification and clarification of existing information security management processes;
• To be used by management to determine the status of information security management activities;
• To be used by internal and external auditors to determine the degree of compliance with the policies, directives and standards adopted by an organization;
• To provide relevant information about information security policies, directives, standards and procedures to trading partners;
• To provide relevant information about information security to customers.

To Risk or Not to Risk?

To risk or not to risk your corporate information? This is the question that should be discussed within your organization. Do you put your organization at risk or do you take actions to establish and manage ISMS?

ISO 27001 is a risk based approach for assessing, evaluating, treating and managing Information and Asset security risks, a review process for re-assessing the risks and the effectiveness of this system and to have an internal ISMS audit process for checking compliance.

The Objective

Protection of information asset from wide range of threats to ensure business continuity, minimize business damage and maximize return on investments and business opportunities. In short ensures preservation of Confidentiality, Integrity and Availability of your business critical data.

Our Offerings

Implementing ISMS in organization requires sufficient ISO27001 domain expertise. NSS ISO27001 Certified Consultants are backed with strong Information Security domain expertise to help organizations achieve compliance in accordance to the ISO27001 standard.

We offer:

• ISMS Gap Analysis
• ISMS Risk Assessment
• ISMS Implementation Services
• ISMS Awareness Training
• ISMS Pre-Audit Services
• ISMS Regular Review
• ISO27001 Certification Trainings

Why NSS?

NSS is a pure play Information Security company backed by consultants with security credentials such as CISA, CISSP, OPST, and ISO 27001 Lead Auditor and holds associate partnership with BSI (British Standard Institution).

• ISMS implementation track record for over 20 companies world-wide including 12 companies that have been BS7799 certified 
• ISO27001 Certification trainings for over 30 fortune 1000 companies
• First ISO 27001 company certified in ASEAN (UKAS accredited)
• Over 30 consultants with ISO 27001 certification
• Proven global track record in Information Security consulting with local presence

If you are interested, or would just like more information, please contact us directly.