Information Security Management System
An information security management system is a management system that focuses on driving and improving information security by identifying, managing and minimizing information security threats. ISO 27001 requires an organization to establish an information security policy and objectives, determine process requirements, establish operational controls, track performance through monitoring and measurement, implement corrective action and conduct management review. In essence, it consists of the following clauses:
Clause 4 | Information security management system
Clause 5 | Management responsibility
Clause 6 | Internal ISMS audits
Clause 7 | Management review of the ISMS
Clause 8 | ISMS improvement
Compatibility
Based on the Deming PDCA (Plan-Do-Check-Act) cycle, ISO 27001 has the same basic structure as other international management system standards such as ISO 9001 or ISO 14001. It offers a common framework for integrating different management systems. Please refer to the Certification page for more details.
Download: D924 IMS Framework (ISO 9001, ISO 14001, OHSAS 18001, ISO 22000, ISO 27001)
Figure: ISO 27001 PDCA Model
Why is it Relevant?
ISO 27001 is a requirement standard, which means organizations can be certified to it. It is generic in nature and is applicable to organizations of various sizes and backgrounds.
How to Proceed?
In order to capitalize on the full offer of ISO 27001, organizations shall acquire an accurate understanding of the requirements and the intent of the standard. Perform a gap analysis to determine the status of the organization compared to the certification requirements. From top management to front line staff, all levels of staff shall acquire an appropriate level of understanding of the standard. Top management commitment is a critical success factor. Work on a realistic plan and, not least, ensure a strong buy-in from everybody.
i-VAC Certification offers a full range of improvement-based ISO 27001 training courses and certification services to address your needs.
Download: S100 ISO 27001:2005 Information Security Management System Leaflet
Certification
Apart from due diligence benefits and enhancement in credibility through third-party certification, an effective ISO 27001 management system shall deliver the following inherent benefits:
• Sustainable and improving information security performance
• Platform for information security risk control and improvement
• Reduction in security breaches
• Improved staff motivation and information security consciousness
• Due diligence and demonstration of information security commitment
Contact us with your questions or requirements on certification.
Training Courses
i-VAC Certification training courses are designed to offer different levels of staff the opportunity to acquire the necessary knowledge and skills to develop, implement, maintain and improve an effective management system.
Target | Course | Days
Top management | Top Management Briefing | 0.5
Front line staff | Management System: What is my share? | 1
Professionals, Managers | Effective Implementation | 3
Internal auditor | Internal auditor training | 2
Professionals, Managers | Accurate Understanding | 5
Experienced auditors | Advanced auditing skills | 2
Apart from stimulating thinking, questions and debate, the courses focus on the acquisition of fundamental principles and accurate understanding of the standard requirements. Ultimately students are loaded with ideas to support the development and continual improvement of a management system.
Based on IRCA requirements, i-VAC has introduced the most advanced Accelerated Learning Techniques to all of its training courses. The benefits of these techniques are obvious and scientifically proven. With multiple input channels and a stimulating environment, students learn through their natural ability. Using participative activities, learning becomes quick, easy and enjoyable.
Niche Training Course
Apart from the IRCA Approved OHSAS 18001:2007 Auditor Conversion Training course (Approval A17393), i-VAC Certification offers a unique 18-hour intensive training course that focuses on the Accurate Understanding of the requirement standard, OHSAS 18001:2007. This course covers the basic concept of OHSAS 18001:2007 and its role in supporting the organization’s objective to manage its occupational health and safety performance. In addition, the course also focuses on the accurate understanding of the standards, viz. what is required and what is not required. Experience has demonstrated that many organizations over-engineered their documentation system owing to a lack of accurate understanding of the requirements of the respective standards.
In House Delivery
i-VAC Certification welcomes the opportunity to deliver in-house training courses based on customer needs. Please let us know your requirements and we will offer a solution.
Contact us with your questions or requirements for in-house training.
Public Course Schedule
Links (Information security management system)
Wikipedia
http://en.wikipedia.org/wiki/Information_security
ISACA (previously known as Information Systems Audit and Control Association)
http://www.isaca.org/Content/NavigationMenu/About_ISACA/Overview_and_History/Overview_and_History.htm
Information Systems Security Association
http://www.issa.org/
ISO store (purchase of standards)
http://www.iso.org/iso/store.htm
ISO survey of certificates
http://www.iso.org/iso/iso_catalogue/management_standards/certification/the_iso_survey.htm
International Registrar of Certificated Auditors (UK)
http://www.irca.org/home.html