Certification of the Information Security Management Systems

The implementation and certification of an Information Security Management System (ISMS) is a strategic decision for any organization, as it guarantees the security both of the certified organization's own information and of that of its clients and business partners.

This system provides recommendations for keeping information risks under control: it clearly defines the types of threats and offers guidance on how to approach the protection methods. In this way the organization's survival can be ensured, potential financial damage can be minimised, and the organization's profit and prospects are maximised.

Nowadays, given that data are stored in electronic format, particular attention must be paid to the protection of information systems.
Information security must cover all aspects of data protection, irrespective of the form the data take (tape, optical media, paper, etc.).

What is the Information Security Management System (ISMS)?
An ISMS is a management system based on an assessment of the risks to which a company is exposed; its purpose is to establish, implement, operate, monitor, review, maintain and improve information security. The certification of an ISMS is carried out in accordance with the reference standard ISO 27001, which is also used to check the implementation of the 133 security measures from ISO 27002 (formerly ISO 17799).

When were the ISMS standards first developed?
The first standard for ISMS certification was the British Standard BS 7799. It comprised two parts:
1. Part I: BS 7799-1, a Code of Practice that later became ISO/IEC 17799. The latter has since been replaced by ISO/IEC 27002.
2. Part II: BS 7799-2. This was the first standard against which an organization could be certified. On the basis of this reference standard, the international ISMS standard ISO 27001 was drafted.
What are the advantages of ISMS certification for an organization?
1. A clear indication of the organization's compliance with the requirements of ISO 27001 and of its implementation of the ISO 27002 security measures; these standards embody the best recommendations made by ISMS experts;
2. Greater trust in the certified organization on the part of clients and partners;
3. A reduced need for separate assessments of the security system that clients and partners might otherwise require;
4. Better control for managers over the information flows within the certified organization;
5. Identification and control of the risks that may affect the organization's activity;
6. The possibility of meeting the eligibility conditions at tenders where ISMS certification is a qualifying criterion;
7. A better position and image on the market compared with rival organizations that have only one certified system (e.g. ISO 9001).
Why would you choose the certification offered by RINA SIMTEX?
1. We have over 10 years of experience in certification activity;
2. Our offer includes a wide range of services, including courses for your employees;
3. We can offer you the services of a team of specialists in the ISMS domain;
4. Our clients (most of them well-known companies in the IT&C domain) continue to recommend us to other organizations;
5. You could become one of the 2500 clients satisfied with our services;
6. We can also perform combined (integrated) certifications if you are already certified for another management system (Quality, Environmental, etc.), so that your organization ends up with a single integrated management system rather than several separate ones.

What is the connection between ISO / IEC 27001 and the other certification standards (for the Quality Management System ISO 9001, for the Environmental Management System ISO 14001)?
ISO/IEC 27001 is harmonized with ISO 9001 and ISO 14001. All three standards share common elements and system principles, including the continuous cyclic improvement process PDCA (Plan-Do-Check-Act). This approach allows these systems to be integrated without difficulty, so that a single management system within the organization makes sense.

RINA SIMTEX recommends that its clients implement a combined management system.
What kind of organizations should certify their own Information Security Management System?
Any organization that considers its information system to need protection should have such a management system to help it control all the risks. Additionally, ISMS certification is a business card that business partners and clients cannot overlook.
How does the certification begin?

To initiate the certification process, contact RINA SIMTEX in writing at no. 10A, Ramuri Tei Street, sector 2, postal code 020354, PO 13-138, Bucharest, or by accessing this form. We will provide you with the documents needed to start the certification process (the official request and the preliminary assessment questionnaire), together with further information regarding certification of the Information Security Management System. To receive a price offer as soon as possible, please send us the completed preliminary questionnaire.