It is becoming increasingly critical that information security is given the attention and level of importance it deserves. Most organizations are now absolutely dependent upon their information and business systems, so much so that serious disruption can mean disaster or critical loss. ISO 27001 is the only internationally accepted worldwide standard/code dealing comprehensively with these issues.
The British Institute has suggested the Plan-Do-Check-Act (PDCA) methodology for implementation of the ISO 27001 standard, in line with other management standards such as the Quality Management System and the Environmental Management System. MIEL has developed a unique methodology for implementation of ISO 27001 controls by breaking down the entire PDCA cycle into 5 distinct phases. MIEL's unique 5-phase methodology to attain compliance with the ISO 27001 standard is as follows:
- Phase I: Information Security Profiling: identifies the gaps in security vis-à-vis the ISO 27001 standard.
- Phase II: Information Security Prescription: suggests the security measures, including administrative, physical, and technical controls.
- Phase III: Information Security Treatment: in this phase, the security measures are implemented.
- Phase IV: Information Security Vigil: here, the implementation is monitored to ensure that the security measures are effective in mitigating the risks and ensuring the security of the information assets.
- Phase V: Information Security Certification: successful implementation of the previous phases leads to the final phase of Security Certification.
Deliverables for each phase are clearly defined to achieve repeatability and multi-location implementation by multiple teams. The time-bound schedule supports tight project management control, ensuring project timeliness and process quality.