Information Security Management Services

Information Security Management Services (based on ISO 27001)

Organisations are increasingly being required to incorporate information security management and governance into their corporate governance arrangements. This is often through legislation, regulatory pressure or contract compliance. In South Africa, the King Code of Governance (King III) provides guidance on the implementation of information security management systems in organisations.

By working with our experienced and certified consultants to implement an ISMS, your organisation has an opportunity to plan for security threats, evaluate and rectify weaknesses, and improve your ability to respond to security incidents.
Our information security management services are based on the principles of the ISO 27001 standard, the only internationally accepted standard for information security.

What is Information Security Management?

The purpose of information security management is to ensure that the occurrence of security violations and incidents is kept to a minimum and that, when security incidents do occur, their impact is managed and kept to a minimum.

Advantages

An ISMS provides a business-driven process that establishes a fit-for-purpose strategic and tactical framework that allows organisations to:

  • Ensure that the organisation is managed in compliance with corporate requirements as well as external laws and regulations;
  • Manage IT-related business risk;
  • Keep the security and integrity of information, applications and technology platforms intact;
  • Make information readily available to business users when it is required;
  • Respond predictably and effectively to security incidents;
  • Protect information;
  • Protect brand and reputation;
  • Maintain the confidence of clients; and
  • Achieve legal, regulatory and contract compliance.

What is the value of ISO 27001 Certification for my organisation?

By achieving certification to the ISO 27001 standard, an organisation is able to demonstrate to its stakeholders, such as its board, customers, government and industry regulators, that its management of information security complies with international best practices and that information assets and stakeholder interests are well managed.

ISMS Health Check

Our ISMS Health Check is based on the ISO principles and framework of Plan, Do, Check and Act (the Deming Cycle). We will provide concrete findings and identify risks and recommendations for effective ISMS implementation and/or ISO 27001 compliance.

ISMS implementation services cover the implementation of the following management practices:

  • Governance, risk and compliance management of information security in terms of policy, risk management and compliance;
  • Management of information security covering malware, networking, endpoints, identity and access, and event and incident management;
  • Security organisation and responsibilities;
  • Asset management;
  • Human resources management;
  • Physical and environmental security;
  • Communications and operations management;
  • Information systems acquisition, development and maintenance; and
  • IS project and programme implementation.

ISMS Auditing

Our certified auditors will audit and verify that your ISMS is operating effectively.