At the outset TSS Ltd chose ERS Consultancy Ltd to help with its ISO/IEC 27001 implementation. “ERS Consultancy has provided a service not only very efficiently, but within the agreed costs of which I am extremely grateful,” says Mark Treadwell. “ERS is a member of BSI’s Associate Consultant Programme and has considerable experience in implementing the information management system security standard.”

To put the standard in place, ERS began by conducting an initial information risk assessment to help identify the actions and priorities for managing information security risks. This highlighted some major gaps and other areas for improvement. It also confirmed that formal information security policies and procedures needed to be introduced to enable better documented and structured processes. Sonia Sooch, Senior Consultant of ERS Consultancy Ltd, explains: “As well as identifying gaps within an existing system, the advantage of the ISO/IEC 27001 standard is that it permits continuous monitoring and review, which then enables the management system to be continually improved”.

Another key factor was to ensure that the risk assessment methodology was customised to fit the precise needs of TSS Ltd and its operations. ERS Consultancy sees this as an essential step in the implementation process – if the risk assessment methods do not fit with how the business is run, staff are unable to follow the methodology, resulting in a potential breakdown of the ISMS in the longer term.

Rajesh Shah, Managing Director of ERS Consultancy, comments: “The commitment and involvement of both the ERS