Management System Services
Information Security Services

Information Security Management System (ISMS)

ISMS is a part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.

ISO/IEC series of standards
Currently, organizations that have gone through the accredited certification process for their ISMS are assessed according to the certification requirements standard BS 7799 Part 2:2002. Once ISO/IEC 27001:2005 is published, BS 7799 Part 2:2002 will no longer be the basis for certification work (e.g. new certifications, surveillance audits on existing certifications and renewal of certifications) and this work will be transferred over to using the ISO standard. At this point in time a 'Certification Transition Statement' will be issued by National Accreditation Bodies, giving details of the time period during which organizations, together with their Certification Body, will need to make the transition from BS 7799 Part 2:2002 to ISO/IEC 27001:2005.

Benefits of Certification under ISMS scheme
The objective of ISO 27001 is to provide organizations with a common basis for maintaining information security and to enable information to be shared between organizations. This is particularly important where organizations wish to inter-connect electronically.

Certification of an organization's Information Security Management System is one means of providing assurance that the certified organization has implemented a system for the management of information security in line with the standard ISO 27001. This should serve as a foundation for the interests of international trade.

ISMS certification ensures that the certified organization has undertaken a risk assessment and has identified and implemented controls appropriate to the information security needs of the business. Certification of ISMS is voluntary. Organizations that successfully complete the certification process can have greater confidence in their information security management and will be able to use the certificate to help assure trading partners with whom they share information. The certificate makes a public statement of capability whilst permitting the organization to keep details of its information security measures confidential.

The benefits of ISMS certification to organizations are: The benefits to customers and business partners of certified organisations are: Avenues for Trade in International market

International Recognition


All efforts are made for ensuring confidentiality of the information obtained during the course of certification process.

The Certificate of Registration given to an organisation under the ISMS Scheme shall not be regarded as in any way diminishing the mutual contractual responsibilities/obligations between the organization and its customers and business partners. While the Certificate of Registration will normally be a sound indicator of the competence of organization to maintain information security, it should not be taken as a sort of guarantee accorded by the Certification Body. The Certification Body will not be liable for any deficiency in the information security of the organization. However, in case of an organization's failure to meet contractual responsibilities or other obligations related to information security, the affected party may approach the Certification Body for redress.

Route to Certification-Certification Requirements
Organizations interested in obtaining a Certificate of Registration under ISMS Scheme, shall have established a documented Information Security Management System complying with the requirements of the standard ISO 27001. The ISMS documentation shall include documents on the following subjects:

It is acceptable to combine the documentation for ISMS and other management systems (such as quality, health and safety, and environment) as long as the ISMS can be clearly identified together with the appropriate interfaces to the other systems.

Please ask for quotation

eIndiaBusiness Member