ISO27001 Impact

ANI NT RO DU C T I O NT OI S OC E R T I F IC ATIONIT SECURITYInternational Management Systems Marketing (IMSM) was founded in 1994 to provide businesses with the practical expertise to add value through quality systems and efficiency. From its base in the UK, IMSM Ltd has developed a strong network in Europe, USA, Canada, SouthAfrica and Australia.IMSM’s fully trained team of auditors holdrecognized IRCA (International Register of Certified Auditors) qualifications.IMSM is itself continually assessed by EFQM(European Foundation for Quality Management) to ensure it delivers its promises, and is a leading member of ASQ (American Society for Quality).Where businesses work collaboratively, and are required toshare sometimes sensitive information, it is essential that theprocess is thought through and safeguards installed.Authorised staff need to be able to access relevantinformation, while at the same time, the security of both theclient database, and advanced technical processes, must beprotected.ISO27001 is a management system which identifies, managesand minimizes a range of threats to business information. Itprovides guidelines for implementing a constructive riskmanagement process, setting up policies, and ensuring a secureinfrastructure is in place.Working on the same principle as the ISO standards, ISO27001follows the successful Plan-Do-Check-Act model. Existingsystems are incorporated. Companies which hold the ISO27001Standard are stating that they have taken all reasonablemeasures to minimise risks and prevent unauthorised use of bothcompany and customers’ data. As businesses become less paper based, and more informationthan ever is stored on computer systems, that information isincreasingly seen as an asset of the business, and needs to beprotected. It is vital to find the right balance between givingauthorized staff the tools and access needed to do the job, andensuring that unauthorized access is prevented.Companies who contact us like the fact that we do the work ina fixed time, for a fixed fee, and keep disruption to a minimum.IMSM has applied this model to certification for over ten years.For more information about how IMSM can help yourcompany achieve ISO27001, please contact Andrew Bedford:Tel: 01666 826065 andrewbedford@imsm.comTo date, IMSM has helped more than 5,000 organizations around the world to achieve ISO certification.ISO 27001 IT SECURITY ISSUE 1Poole based Eureka Direct is abusiness which makes sure thatschools, independent healthcare providers, businesses, andcare homes have all the first aidsupplies they need, delivered ontime. With a range which coverslatex gloves to first aid kits,plasters, dressings, cold therapyand health and safetyequipment, the company offersan extensive stock list for nextday delivery in the UK, all atvery competitive prices.Eureka's Standard HSECompliant First Aid Kits aresuitable for low risk environmentsand offices and feature mouldedcases with hinged lids and wallfixing brackets. More specialisedkits are supplied to higher riskindustries, and the company caneven supply "prescription only"drugs for the occupational healthmarket. Founded in 2000, andemploying some 35 people, thebusiness deals with around 450orders per day, through theinternet, its call centre, and itssales force.Having had experience of ISOstandards in a sister company,Eureka’s IT manager, Kristian Starrdecided to go for ISO27001(Information Security) to showcustomers and suppliers that theirdata was secure, and to have anauditable system, and fulldocumentation. He commented, “With marketslike ours, we handle sensitiveinformation, and wanted to showour customers that the systemswere in place to ensure confiden-tiality. We are proud to show ourprocedures to clients, and to beable to tick the relevant boxeswhen tendering for major con-tracts. It’s made a real difference toour business. And having usedIMSM in the past, and liked theway they worked, we are recom-mending them to our clients, too”.www.eurekadirect.co.ukEUREKA – FINDING THE RIGHT INFORMATION SECURITY SOLUTION“…having used IMSM in the past,and liked the waythey worked, we arerecommending themto our clients too.”Information at risk: the proven benefits of ISO certificationISO 27001 IT SECURITY ISSUE 1www.27001iso.comUK Office: The Gig House, Oxford Street, Malmesbury, Wiltshire, SN16 9AXTelephone: +44 (0)1666 826065 Fax: +44 (0)1666 826050Email: info@imsm.com Web: www.imsm.com www.27001iso.com Designed and produced by Waddell Digital Ltd www.waddelldigital.co.uk ISO standards consultancyIMSM has just helped e-mailmarketing business e-Dialogachieve ISO 27001:2005.The process, for the Lexington,Massachusetts and London-basedbusiness, was completed in lessthan 6 months, with e-Dialog’sstaff as proactive participantsalongside the IMSM consultant.Commented Ed Glancy, Directorof Information Technology, "Being a pre-eminent provider ofe-marketing solutions for largemulti-national businesses, we needto set the standard in every aspectof our business. ImplementingISO27001:2005 complemented thisstrategy and delivered real benefit.The IMSM consultant came with astraightforward, practical, nononsense approach and workedextremely well with our company,and rapidly understood ourrequirements." He continued, "ISO has enabledus to bring a rigorous third-partyvalidation process to ourinformation security standards, andwill continue to keep us focused onour procedures and drivecontinuous improvement. Securityhas always been at the very heartIMSM’SNO-NONSENSEAPPROACHof e-Dialog’s proposition and ourclients now have demonstrableproof that a robust securitymanagement system is in place."IMSM’s Business Manager,James Goldstein added, "e-Dialoghas demonstrated to their clientsthat their vital data assets are assafe in their environment as theyare in their own companies. Theirsystems have passed a rigorousexternal audit, and theirmanagement team hasdemonstrated accountability byaccepting responsibility for regularreviews of risk assessment andremediation plans."visit www.e-dialog.com“Security has alwaysbeen at the very heart of e-Dialog’sproposition…”FOCUSSED ON SECURITYthe technology infrastructure forclients in the public sector, as wellas online Travel booking, Architects,Building Contractors, Restaurantsand Food suppliers. "Whilst internalising our ISOprocedures, we realised that wealready had a lot of documentationand processes in place. However,before ISO we were unable to makeinformation available to everyone inthe company; since ISO, we have aquality MIS in place that is fullyaccessible by staff and clients.Mr Devlukia continued "Information is now shared whichhelps us to maintain our service andefficiency levels to our clients. If anaccount manager or technicalconsultant is away, someone else can take over without the customerlosing confidence or having to go over previous history or issues". ACS now has the right credentialsto chase large tenders andcontracts, all these certificationsshould make a real difference to our business.www.acs-apt.comWith clients including the NHS,major charities and Primary CareTrusts, and partnerships with HP,Microsoft, Sage, Fujitsu Siemens,Sony, Citrix, and Cisco, ACS-AptComputer Systems needs to showthat all data handled on behalf ofclients is secure. So naturally thecompany had a lot of processes inplace, but that wasn’t enough forthis highly focussed IT consulting,technology services and supportcompany: they decided to go for the ISO27001 standard.Having had positive experiences ofother ISO standards, ACS-Apt knewthat the process involved externalauditing of their systems andprocesses, developing full documen-tation and procedures for continuousimprovement. "Some managers wereconcerned it was going to obstruct ourwork-flow, but in fact, we didn’t reallyknow it was happening" said KaileshDevlukia, Operations Manager. "Theassessor was excellent and the wholeprocess went really well".Established in 1989, ACS-Aptdesign, install, maintain and supportPhil James, EuropeanDevelopment Director of CHKSwrites: “CHKS Ltd specialises inbenchmarking services for theNHS and Independent healthcaresectors, and has a reputation forproviding and maintaining highquality services to its customerswithin a tightly controlledinformation security assuranceprogramme.We wished to have an externalvalidation of our processes and feltthat ISO 27001 gave the mostappropriate demonstration of thisagainst international best practice. We have found that the ISOstandard has been a goodframework for our InformationSecurity Procedures, many of whichwere already in place and did notneed changing. The entire processwas challenging but ultimatelyrewarding and did not impact too heavily on the day to dayworkings of the organisation.IMSM were a great assistance to us, helping undertake a riskassessment, designing the system and writing the manuals.Our involvement was in supplying information about our procedures and checking andapproving the work.We are proud to be able todemonstrate our compliance withISO 27001:2005 as informationsecurity is an extremely importantaspect of our work.”www.chks.co.ukCHKS ACHIEVES ISO 27001:2005 COMPLIANCE“IMSM were a great assistance to us, helpingundertake a risk assessment, designing thesystem and writing the manuals.”(From left to right) IMSM’s Dr. JamesGoldstein, Ph.D. presents ISO 27001certification to e-Dialog’s IT director, Ed Glancy, and CEO John Rizzi. (From left to right) IMSM’s Dr. JamesGoldstein, Ph.D. presents ISO 27001certification to e-Dialog’s IT director, Ed Glancy, and CEO John Rizzi. Your Local Business Manager:InternationalManagement SystemsMarketing