Governance and Risk Consultancy Services Case Study On ISMS Implementation
Overview:
The client is a global learning solutions company that plays a key role in helping individuals, organizations and nations adapt to the changing requirements of a knowledge-driven world. The company has a significant international market presence in content development for e-learning and in the testing and certification areas.
Challenges:
The client believed that information security is of critical importance and perceived information security as key to extending the enterprise to enable deep integration with partners, suppliers and customers while aiding compliance with regulations. Importantly, information security also protects economically vital critical infrastructure from attack. Thus the client wanted to establish an Information Security Governance framework that would be built on existing frameworks and accepted best practices and would bring about a process-driven culture in the organisation. The key security concerns were:
- Security of e-learning content which is the intellectual property of the client’s customers
- Security of question banks for testing and certification service
The solution lay in perceiving Information Security in the context of business risk rather than as a wholly technical issue. This required that the organisation ensure the security of its information assets by making information security an integral part of core business operations. The best way to accomplish this goal was to embed information security governance as a part of the internal controls and policies of the organisation.
ISO/IEC 27001:2005 was chosen as the "best" reference because of its combination of comprehensiveness and its international level of acceptance, including rapidly growing usage worldwide. ISO/IEC 27001:2005 was written solely for information security practices within a business as a whole, is not IT exclusive, and is built around policy and process.
PCS Consulting, the consulting arm of PCS Technology Ltd., was appointed by the client to implement ISO/IEC 27001:2005 in the organisation for all production centers in India. The scope of the project included the following services:
- Learning Solution Service: designing, developing, deploying and processing of computer based learning solutions
- Testing and Certification Service: designing, developing, deploying and processing of computer based assessments
- Scope definition
- Training of the core team, users and internal auditors
- Risk Assessment
- Identification of relevant controls
- Documentation involving development of policies, procedures and relevant formats
- Preparing the Statement of Applicability (SOA)
Benefits:
The benefits the client derived from ISO/IEC 27001:2005 certification are:
- establishment of a process-driven culture in the organisation for information security, thereby enhancing security awareness within the organisation
- a benchmark to measure the security measures and management systems deployed in the organisation
- a framework for resolving security issues
- enhanced customers' and business partners' confidence and perception of the organisation
Copyright © 2024 PCS Technology Ltd. All Rights Reserved.