Every day the press carries horror stories of security breaches, data losses and an ever-increasing number of vulnerabilities in IT systems that need to be addressed. Many organisations have a worrying time trying to address these issues and make sure that they are not the next ‘bad news’ item. With the introduction of the Internet, organisations are now forced to re-examine their security infrastructure, especially if they are required to open their information systems to Clients, partners and suppliers in order to maintain a competitive advantage. An incomplete and outdated security solution can put your forensic laboratory’s information and information processing resources at risk, and a single breach can result in tremendous loss to your forensic laboratory and its reputation.
Although it may be difficult for you to implement a comprehensive and complete security programme to manage and control all of your information assets, the risk of breaches can be minimized if appropriate controls are put in place to protect them appropriately. To do this, all of your assets must be identified and the risks to them evaluated so appropriate controls can be selected to reduce the risks to an acceptable level.
Consequently, more and more organisations are exploring the benefits of implementing best practice information security management using ISO 27000 and ISO 27002 as supporting guidance, together with the rest of the relevant ISO 270xx family.
At the same time, more and more Clients are requiring assurance that their information is appropriately protected.
ISO 27001 was formerly a British standard (BS 7799) and is the de facto international standard for an Information Security Management System (ISMS).
FCL are uniquely placed to assist you, as they can not only develop and implement information security solutions appropriate for your business but have done so for themselves and been certified to ISO 27001 to prove it. Unlike some, we can ‘walk the walk’ and prove it.
FCL can help you in the following areas:
- risk and vulnerability assessments;
- define the scope of certification;
- undertake a gap analysis;
- agree a risk management methodology with you and define an appropriate risk appetite;
- undertake a risk assessment for your assets in the defined scope;
- identify risk treatment options to reduce risks to an acceptable level;
- implement agreed risk treatment;
- manage residual risks through your corporate risk register;
- create documented procedures;
- implement awareness training;
- assist in management reviews;
- undertake internal audits of your ISMS;
- assistance in gaining ISO 27001 certification.
Some other ISO 270xx standards that provide assistance in the ISMS arena are:
- ISO 27002 – Code of practice for information security management;
- other ISO 270xx standards in the series.
FCL ISO consultants are all ISO 270xx experts, and many are qualified IRCA Certified Auditors and Principal Auditors rather than having merely attended a Lead Auditor course; they have implemented a number of ISO 27001 systems that have been certified.
- risk and vulnerability assessments;
- definition of the scope of certification;
- gap analysis;
- develop the SoA;
- documented procedures;
- implement awareness training;
- review and maintain the ISMS;
- assistance in gaining ISO 27001 certification.
In addition to this, there are the mandatory procedures that are required for management systems in PAS 99.
- align business needs with information security deliverables;
- allow you to make contractual bids from which you might be precluded if you were not certified;
- assure management and Clients of information security levels in place;
- create an organisational structure to ensure that roles and responsibilities for information security management are established throughout your forensic laboratory;
- demonstrate compliance verified by a third party Certification Body;
- develop a statement of applicability (SoA) that identifies controls to be implemented to address the risks identified in your forensic laboratory;
- enable interoperability between disparate management systems;
- ensure that a high level corporate information security policy exists;
- ensure that an appropriate incident management process is in place;
- ensure that an information asset register is created and managed;
- ensure that personnel security issues are highlighted and controlled;
- ensure that there is an ongoing compliance and monitoring mechanism in place;
- ensure that there is appropriate security of assets within the defined scope;
- ensure that processes and procedures for information security in your forensic laboratory are documented and tested;
- further information security awareness within your organisation;
- identify risk and evaluate risks to your forensic laboratory;
- increase customer confidence in your products and services;
- integrate business continuity and information security in a common management system to exploit synchronicity between standards with similar management requirements;
- make a public statement that you have addressed the information security needs of your, and your Clients’, data;
- manage and treat significant risks to reduce them to an acceptable level in line with risk appetite;
- validate the adequacy of IT technical security measures including communications and operational procedures; logical access controls; systems development and maintenance arrangements;
- validate the adequacy of physical and environmental security arrangements;
- validate the existence or adequacy of business continuity and/or disaster recovery arrangements.
- FCL are justifiably proud of our 100% success rate in achieving first-time certification through an Accredited Certification Body for our Clients;
- FCL is committed to providing a consistently high value service to our Clients;
- David Lilburn Watson manages this process and remains personally ‘hands-on’ throughout;
- to understand how the FCL suite of offerings can be used to transform your business, please contact us;
- we look forward to discussing your specific requirements at your convenience;
- we offer a free Health Check for ISO 27001;
- whatever other type of consultancy you require, we may also be able to offer a free Health Check.