It may take two weeks into a project or it could take two months. Sooner or later you will come to the conclusion that there has to be a better way!
How can we keep things progressing at pace, and in a logical manner? How can we record everything centrally? How can we make tasks such as the risk assessment easier? How can we track policy changes with ease? What progress have we made to date? To maintain compliance, what needs to be done today? Next week? Next Month?
SaaSAssurance cloud software gives you the answer. SaaSAssurance is all you will need to track and stay on top of your ISO 27001 project.
Keep things progressing in a logical manner:
The SaaSAssurance cloud software steps you through the planning and implementation stages of the project in a logical manner. No more spreadsheets that are impossible to understand, missing emails or disjointed policies!
Record everything centrally:
The SaaSAssurance cloud software helps you record progress and policy changes. Record upcoming and overdue tasks, meeting minutes, security incidents. Record how you are being effective in your project, and a lot more.
How to make tasks such as the risk assessment easy:
The SaaSAssurance system has software modules such as the risk assessment, asset inventory, and control effectiveness. Conduct the necessary tasks with diligence and ease every step of the way.
Take a test drive now
Where do you start? Can you implement this standard yourself? How can you make the best use of your time? These are all very common concerns after a first look at the ISO 27001 standard.
At SaaSAssurance, we understand these concerns very well and we have worked closely with the marketplace to address them. Organisations that have paid for expensive ISO 27001 implementation training, and those that haven't, have both come to us requesting a better training and knowledge transfer system.
What the marketplace demands is a training and knowledge transfer system that is both informative and easy to follow. Most importantly, according to our SME clients, it should not be pitched at a consultant level. Micro/SME organisations do not have the luxury of their own in-house security consultant and are less likely to have the resources to engage one for such a long and evolving project.
So with the market requirements in mind, SaaSAssurance developed a custom virtual classroom environment tailored for the implementation of ISO 27001. Organisations can find the topic complex and dull and need something to make the training more engaging and interesting. We found that cloud based digital media was the most effective and popular form of training for these topics.
Try it out for yourself and see!
We also found that learning by example was the most effective method. We do this with our case study organisation DATA GTi. Our digital media training brings our clients through the case study of this fictitious organisation, and using the interactive media and animation helps our clients accelerate into their project.
What is the point of doing all of this training if it is not effective? Our digital media training comes with ‘be effective’ modules, where our clients can prove that they can actually implement what they have learned.
The SaaSAssurance system provides the software tools and the training necessary to allow you to implement your own standards project such as ISO 27001. You may however want to avail of further assistance along the way.
SaaSAssurance uses the power of the cloud to provide world class assistance to our clients remotely at any stage of their project.
As part of this service we do the following:
• Host webinars
• Provide extra specialist training
• Provide advice
• Provide one to one clinics for specialist knowledge domains
SaaSAssurance partners with experts globally in the information security and cloud technology fields.
This allows us to give the very best service and value to our clients regardless of geography. Language is becoming less and less of a problem, as SaaSAssurance will localise our system and training for the wider European and South American marketplaces.
Government Cloud or G-Cloud / GCloud / GovCloud:
If you plan to sell your SaaS application into the government sector, SaaSAssurance will work with you to ensure that you obtain the level of compliance that is necessary.
Community Cloud Or Gated Cloud:
Do you want to offer a community cloud to your clients where compliance is the differentiator? SaaSAssurance will assist you with the specific industry requirements in order to make your cloud service compliant with necessary standards and data protection law. This includes:
WhitePaper Series: ISO 27001 for humans Part 1
A Brief History:
The formal name for ISO 27001 is ISO/IEC 27001:2005. I appreciate that's quite a mouthful, so let's look a bit closer. ISO is the International Organization for Standardization. It develops and publishes international standards and is the same body that developed the ISO 9000 series of quality management standards.
The number 27001 comes from the 27000 series of standards, which is reserved for information security. Another example of a 27000 standard is ISO 27006, which sets out the requirements for bodies that audit and certify an ISMS. See one of the next whitepapers in the series, called "ISO 27001 certification process for humans".
The International Electrotechnical Commission (IEC) works closely with ISO and operates globally, with member countries adopting its standards as national standards. It has a history in electrical and electronic technologies but covers a lot more besides.
ISO 27001 grew out of several initiatives to write a code of best practice for information security, the first of which was published by the BSI Group (the British Standards Institution) back in 1995. Its successor, Part 2 of that standard (BS 7799-2), came in 1999 and focused on how to implement an Information Security Management System.
In 2002 some improvements to the methodology were introduced. This standard then became an ISO standard in 2005, hence the '2005' at the end of the title.
So, that's an idea of where the standard began, so what is an Information Security Management System, or (ISMS)? Well put simply, it's a framework that attempts to cover what you need to do to manage information in your organisation in a secure manner.
The ISO 27001 ISMS takes a risk based approach that firstly defines a six part planning process, and then a very extensive checklist of controls.
A buddy standard of 27001 is the standard 27002, which can be considered as the code of practice. So, if we were a chef preparing a meal in a restaurant, consider the 27001 as the list of ingredients, and 27002 as a recipe you can follow. What happens if the chef leaves some ingredients out or does not follow the recipe correctly? Well we will come back to that scenario later in the series.
So what is contained in the good practice recipe? Well, there are 15 sections pertaining to information security. Let's have a look at two of them here:
Risk Assessment and Treatment:
The risk assessment examines the risks to the business in relation to its information assets. Confidentiality, Integrity and Availability are considered when assessing each risk, as are the legal, business and contractual obligations that apply to the asset. A risk assessment report is then created, and plans are put in place to deal with the risks that remain.
Security Policy:
This is a management-approved initiative to provide clear policy and guidance to the company on information security matters. It must be reviewed and updated at regular intervals. The policy should be published on the intranet, or wherever all relevant people can view it on a day-to-day basis.
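As an added illustration of the risk assessment described above (example code written for this page, not the SaaSAssurance risk assessment module), the script below rates two assets for Confidentiality, Integrity and Availability, scores each risk as likelihood times the worst affected impact, compares the score with an assumed risk appetite, and records a treatment for the report. The asset names, ratings, threats and the rule that risks on assets carrying legal or contractual obligations are never simply retained are all constructed assumptions for the example.

```python
# Added illustrative example (not SaaSAssurance's risk-assessment module):
# a minimal ISO 27001-style risk assessment and treatment plan.
# All asset names, C/I/A ratings, risks and the appetite value are constructed.
from dataclasses import dataclass
from typing import Dict, List

LEVELS: Dict[str, int] = {"low": 1, "medium": 2, "high": 3}
RISK_APPETITE = 4  # assumed: scores at or below this may be retained (accepted)


@dataclass
class Asset:
    name: str
    owner: str
    confidentiality: str   # "low" | "medium" | "high"
    integrity: str
    availability: str
    obligations: List[str]  # legal / contractual drivers (constructed)


@dataclass
class Risk:
    asset: Asset
    threat: str
    vulnerability: str
    likelihood: str         # "low" | "medium" | "high"
    affects: List[str]      # subset of ["C", "I", "A"]


def impact(risk: Risk) -> int:
    """Worst-case impact across the C/I/A properties the risk affects."""
    ratings = {"C": risk.asset.confidentiality,
               "I": risk.asset.integrity,
               "A": risk.asset.availability}
    return max(LEVELS[ratings[p]] for p in risk.affects)


def score(risk: Risk) -> int:
    """Qualitative risk score: likelihood (1-3) x impact (1-3), range 1-9."""
    return LEVELS[risk.likelihood] * impact(risk)


def treatment(risk: Risk, appetite: int = RISK_APPETITE) -> str:
    """'retain' when within appetite, otherwise 'modify' (apply controls).
    Assumed rule: risks on assets with legal/contractual obligations are
    never retained, whatever the score."""
    if score(risk) <= appetite and not risk.asset.obligations:
        return "retain"
    return "modify"


def assess(risks: List[Risk], appetite: int = RISK_APPETITE) -> List[dict]:
    """Build the risk assessment report: one row per risk, highest score first."""
    rows = []
    for r in risks:
        rows.append({
            "asset": r.asset.name,
            "owner": r.asset.owner,
            "threat": r.threat,
            "vulnerability": r.vulnerability,
            "affects": "".join(r.affects),
            "likelihood": LEVELS[r.likelihood],
            "impact": impact(r),
            "score": score(r),
            "treatment": treatment(r, appetite),
            "obligations": list(r.asset.obligations),
        })
    # sort is stable, so equal scores keep their input order
    rows.sort(key=lambda row: row["score"], reverse=True)
    return rows


def summary(report: List[dict]) -> Dict[str, int]:
    """Count risks per treatment option for the management summary."""
    counts: Dict[str, int] = {}
    for row in report:
        counts[row["treatment"]] = counts.get(row["treatment"], 0) + 1
    return counts


# Constructed sample data for the example
CUSTOMER_DB = Asset("Customer database", "Head of IT", "high", "high", "medium",
                    ["Data protection law", "Customer contracts"])
WEBSITE = Asset("Marketing website", "Marketing manager", "low", "medium", "medium", [])

SAMPLE_RISKS = [
    Risk(CUSTOMER_DB, "SQL injection by external attacker", "Unvalidated web input", "medium", ["C", "I"]),
    Risk(CUSTOMER_DB, "Disk failure", "Backups never restore-tested", "low", ["A"]),
    Risk(WEBSITE, "Defacement", "Unpatched CMS", "high", ["I"]),
    Risk(WEBSITE, "Denial of service", "No rate limiting at the edge", "medium", ["A"]),
]

if __name__ == "__main__":
    report = assess(SAMPLE_RISKS)
    for row in report:
        print(f"{row['score']}  {row['treatment']:<7} {row['asset']}: {row['threat']}")
    print(summary(report))
```

Running it lists the SQL injection and defacement risks first (score 6, modify), the denial of service risk within appetite (score 4, retain), and the disk failure risk last (score 2) but still marked for treatment because the customer database carries legal and contractual obligations.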
That concludes part 1 of ISO 27001 for humans, sign up to our cloud papers at http://www.SaaSAssurance.com to receive the rest in the series.
How? Our follow-up whitepapers will be published as digital media, so make sure to subscribe to our YouTube channel above!
Thank you – The SaaSAssurance TM Team