Consultation and accompaniment for compliance with ISO standards
ISO 27001 is an international standard developed by the International Organization for Standardization (ISO) that provides a framework for information security management in organizations. Its purpose is to ensure the management, security and proper operation of information in the organization. Since every organization depends on information and data systems, the standard makes it possible to verify, through a risk identification mechanism together with procedures and controls, that the organization's data is always secure, available and correct. In addition, the standard enables the organization to comply with the requirements of the Privacy Protection Laws.
The laws require organizations that maintain sensitive databases to comply with requirements for protection, backup, restoration and compartmentalization of information. One of the effective ways to comply with the requirements of the law is to implement the ISO 27001 standard, which the legislature has recommended because compliance with it supports compliance with the requirements of the law.
The standard, which constitutes a comprehensive and broad framework for information security management, outlines important principles based on:
- Risk management.
- Adjusting security measures according to the possible threat.
- Defining and implementing an “organizational security theory” that is appropriate for threats and addresses all aspects, first and foremost:
- The technological aspect.
- The managerial aspect.
- Control and continuous improvement.
- The standard defines requirements, not solutions.
- Formulation of policies and procedures.
- Management’s commitment to the process and ongoing notification of the Board of Directors.
- Having an effective framework for backing up information.
- Building a Robust Work Plan.
- Feasibility tests to examine the established controls and their implementation.
ISO 27002 is an accompanying standard that provides the detailed rules, or controls, for information security management in an organization, according to the guidelines of ISO 27001. Its purpose is to define how the various information security controls are implemented across the entire organization. It includes guidelines on the following topics:
- Details of the security policy and procedures required to manage information assets.
- Security aspects for existing employees and onboarding new employees.
- Protection of the computing environment and facilities.
- Establishment of control systems and their technical management.
- Restricting access rights to networks, systems, applications, and data.
- Anticipating hacking events and managing an appropriate response.
- Safeguards, retention, and recovery management in the event of information loss.
Standard ISO 27799
ISO 27799 is an international standard for information systems security in the field of healthcare, published at the end of 2010 by the International Organization for Standardization. The standard is based on the general information security standard ISO 27001 and aims to provide medical organizations with tools for protecting the personal medical information in their possession.
In addition, the standard is intended for other entities that hold health information and wish to comply with international rules, including information security consultants, auditors and suppliers.
ISO/IEC 27032 for Cybersecurity
This standard complements ISO 27001 and is intended to secure cyberspace. It focuses on the preservation of information, with an emphasis on the reliability, quality and integrity of the information available on the network.
It provides guidance for improving the organization's cybersecurity posture, with an emphasis on protecting information and information systems, improving them, and examining the existing controls in the cyber field. The standard helps the organization deal with spam, phishing, hacking and more.
Our commitment to standards accompanied by certification
We believe that using a methodology that has been tested and successfully implemented in various projects and types of companies is an important layer in the success of the project and its implementation efficiently and effectively.
Needless to say, the methodology has been built and is updated regularly based on the various projects carried out by the information protection experts of the global network, drawing on their experience with the many challenges that the world of information protection presents and how they are dealt with.
Our professional team will carry out the implementation with minimal disruption to the organization's ongoing work. As part of the accompaniment to the standards, the following issues, among others, will be addressed:
- Establishing a procedural infrastructure and/or updating the company’s procedures.
- Assistance and leadership in mapping business processes.
- Participation and establishment of a steering committee.
- Mapping information to the organization with an emphasis on sensitive information.
- Conducting internal information security management system audits.
- Leading the audit days held by the authorizing body.
- Accompaniment and initial consultation for correcting deficiencies.