The Creation of a New Information Security Methodology Based on ISO 27001:2013


One of the main success criteria for an organization is to have a systematic approach to information security. Such an approach enables the organization and its risk management teams to anticipate threats to its information assets, identify vulnerabilities, and develop proactive and preventative controls to mitigate them. Implementing ISO 27001:2013, the most widely accepted standard for information security, will guarantee that your information security targets are met.

With a team of experienced and certified information security professionals, GTS has an in-depth understanding of the standard, and our implementation strategy is based on a phased approach:

Stage 1: Gap Analysis — GTS security professionals will perform a gap analysis of your current system against the requirements of ISO 27001, including a physical security review. The results of the analysis will be documented in a report defining the level of compliance and will be used to consolidate the risk treatment plan for the Control Implementation Strategy.

Stage 2: Risk Assessment — In this phase an asset register containing all the information assets of the organization is built. This involves meetings and discussions with the key stakeholders of your organization. A company-wide risk assessment is then conducted on the critical information assets, and appropriate controls to mitigate the identified risks are selected.

Stage 3: Risk Treatment — GTS will formulate a strategy for implementing the controls selected in the previous phase. During this phase all documentation related to the implementation of the ISMS will also be developed, including the mandatory and supporting procedures that underpin the policies. The policies and procedures address the risks identified during the risk assessment phase.
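To make Stages 2 and 3 concrete, the following is an added example (not GTS material or part of this page) of a minimal asset register, risk scoring and risk treatment plan. The scoring model (likelihood × impact on a 1–5 scale), the threshold of 10 and the threat-to-control mapping are assumptions chosen for illustration; the Annex A references are ISO 27001:2013 control identifiers, but which control fits which threat is a decision the risk assessment has to make for each organization, and the sample assets and risks are constructed data.

```python
from dataclasses import dataclass

# Assumption (not from the page): 5x5 likelihood/impact scale, risk = likelihood * impact,
# and a risk appetite where scores >= RISK_THRESHOLD must be treated ("modify") while
# lower scores are retained ("retain") with the asset owner's sign-off.
RISK_THRESHOLD = 10


@dataclass(frozen=True)
class Asset:
    """One row of the asset register built in Stage 2."""
    name: str
    owner: str
    classification: str   # e.g. "confidential", "internal", "public"


@dataclass(frozen=True)
class Risk:
    """A threat/vulnerability pair identified against an asset."""
    asset: Asset
    threat: str
    vulnerability: str
    likelihood: int       # 1 (rare) .. 5 (almost certain)
    impact: int           # 1 (negligible) .. 5 (severe)


def risk_score(likelihood: int, impact: int) -> int:
    """Multiply likelihood and impact after checking both are on the 1-5 scale."""
    for value in (likelihood, impact):
        if not 1 <= value <= 5:
            raise ValueError(f"likelihood/impact must be 1..5, got {value}")
    return likelihood * impact


# Hypothetical threat -> Annex A (ISO 27001:2013) control mapping used by the treatment step.
# The control references are real Annex A identifiers; the mapping is an illustrative assumption.
CONTROL_CATALOGUE = {
    "credential theft": ["A.9.4.3 Password management system", "A.12.4.1 Event logging"],
    "ransomware": ["A.12.3.1 Information backup",
                   "A.12.6.1 Management of technical vulnerabilities"],
    "data interception": ["A.10.1.1 Policy on the use of cryptographic controls"],
}


def assess(risks):
    """Risk assessment: score every risk and return them highest first."""
    return sorted(risks, key=lambda r: risk_score(r.likelihood, r.impact), reverse=True)


def treatment_plan(risks, catalogue=CONTROL_CATALOGUE, threshold=RISK_THRESHOLD):
    """Risk treatment: decide 'modify' (apply controls) or 'retain' for each assessed risk."""
    plan = []
    for risk in assess(risks):
        score = risk_score(risk.likelihood, risk.impact)
        if score >= threshold:
            option = "modify"
            # A threat with no catalogue entry still needs treatment; flag it for manual selection.
            controls = catalogue.get(risk.threat, ["<no catalogue entry: select control manually>"])
        else:
            option = "retain"
            controls = []
        plan.append({
            "asset": risk.asset.name, "owner": risk.asset.owner, "threat": risk.threat,
            "vulnerability": risk.vulnerability, "score": score,
            "option": option, "controls": controls,
        })
    return plan


# Constructed sample register and risk list (not real client data).
HR_DB = Asset("HR database", "HR director", "confidential")
FILE_SERVER = Asset("File server", "IT manager", "internal")
LAPTOP = Asset("Finance laptop", "CFO", "confidential")
WEBSITE = Asset("Public website content", "Marketing lead", "public")

SAMPLE_RISKS = [
    Risk(HR_DB, "credential theft", "shared administrator password", 4, 5),
    Risk(FILE_SERVER, "ransomware", "unpatched file sharing service", 3, 4),
    Risk(LAPTOP, "device theft", "disk not encrypted", 3, 4),
    Risk(WEBSITE, "data interception", "admin page served without TLS", 2, 2),
]


def build_sample_plan():
    """Run assessment and treatment over the constructed sample register."""
    return treatment_plan(SAMPLE_RISKS)


if __name__ == "__main__":
    for row in build_sample_plan():
        print(f"{row['score']:>2}  {row['option']:<6} {row['asset']:<24} {row['threat']:<18} "
              f"{', '.join(row['controls']) or '(accepted by owner)'}")
```

The output of the plan is the input to Stage 4: each "modify" row names the asset owner, the selected Annex A controls and the score that justified them, which is the evidence an auditor expects to trace from the risk assessment to the Statement of Applicability.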

Stage 4: Control Implementation — The GTS team will assist the internal teams and stakeholders with the implementation of the identified controls. During this phase GTS consultants will advise and guide the implementation team.

Stage 5: ISMS Readiness Review — The GTS team will review your readiness to achieve ISO 27001 certification and prepare your audit team to conduct internal audits. The audit results will be evaluated, and any gaps found will be closed by your implementation team with guidance from GTS consultants.

Stage 6: Certification Audit — During this phase the implemented ISMS, including its controls, will be audited by the certification body's team of auditors. GTS consultants will work with your internal team to address any non-conformities or observations noted by the external auditors.

Result: Upon completion of the project, a standardized information security management system conforming to ISO 27001:2013 was in place in accordance with all requirements.