ISMS preparation for certificationKABEST delivers services in development, update, implementation and preparation of client’s Information Security Management systems (ISMS) that conform to international and industry-specific standards, recommendations and world’s best practices like (ISO/IEC 27001:2005, ISO/IEC 17799:2000, NIST, SOX (404) and Russian local standards).
KABEST’s wide range of services in ISMS preparation for certification includes:
- Analysis and assessment of information security risks
- Risk management according to KABEST’s unique methodology, which allows to analyze the client’s information security resources, provides for assets valuation, the client’s security specialists consulting, assessment of every asset’s conformity to the required level, risks calculations and ranking, helps select mitigation measures and serves a basis for implementation feasibility study
- Development of plans for implementation of IT security measures and provisions for information security control in accordance with ISO/IEC 27001:2005 standard
- Development of regulatory and administrative documents, standards, procedures and instructions that support robust performance of the client’s ISMS
- Implementation of IT security risks mitigation measures according to the plan and their performance assessment
- Personnel training, development of training plan for all associates and, first of all, for those who support core business processes
- Analysis and assessment of the ISMS implementation results on the basis of the special methodology
|
