ISMS (Information Security Management System) ISO/IEC 27001 Registration (ISO 27001) Protocol

The registration protocol encompasses three phases:
- Initial Stage: Completion of the application questionnaire and an initial investigation to confirm that the assessment (audit) is viable and feasible. Once the assessment is confirmed as viable and feasible, a quote with the terms of agreement is sent for the organization to review and decide on.
- Phase I: This portion of the assessment protocol confirms that the organization addresses legal obligations, regulatory requirements and contractual agreements in a manner consistent with the current ISMS ISO/IEC 27001 (or an equivalent), by reviewing the implementation stage and the statement of applicability (including any exclusions). This phase is the first step: a conformity (adequacy) assessment that establishes the organization's readiness to advance to the Phase II assessment. The deliverable is a report that applies the current ISMS ISO/IEC 27001 to ascertain the provisions made for legal obligations, regulatory requirements and contractual agreements.
- Phase II: This phase ascertains that the organization's processes and activities fulfill the ISMS, and that the ISMS meets legal obligations, regulatory requirements and contractual agreements (and consumer expectations), applying the current ISO/IEC 27001. The deliverables are (a) a detailed report on the appropriateness and effectiveness of the ISMS, which records any Request for Action (RA), Action Request (AR) and Observation (OBS), and (b) a recommendation (or, if an RA is present, no recommendation) of the organization for an ISMS ISO/IEC 27001 Certificate of Registration.
Note: The organization is given up to 90 days to resolve any AR or RA.
Benefits of BRS ISMS registration:
- Provides demonstrable competence through impartiality, resulting in consumer confidence
- Reassures consumers, employees and other stakeholders that the controls securing information are valid
- Identifies threats and the controls that provide prevention, elimination, reduction and mitigation (P|E|R|M)
- Provides a basis for managing legal obligations, regulatory requirements and contractual requirements
- Supports an effective business continuity strategy
- Demonstrates credibility and trust
- Establishes appropriate controls to protect financial information and intellectual property, and to protect against loss, theft and damage
- Offers a business advantage where registration is a contractual requirement or expectation
- Can lead to cost savings, since a single information breach can entail significant costs
- Sets forth enforceable policies throughout the organization
The assessment is undertaken by BRS, and the organization must demonstrate competence in managing a contemporary ISMS. The ISMS ISO/IEC 27001 Certificate of Registration is fundamentally based on the fulfillment of legal obligations, regulatory compliance and contractual requirements for the purpose of protecting communities and consumers. BRS certifications are backed by the accreditation of a Public Foundation that is authoritatively empowered by the State Government, entrusted by the Attorney General's Department of Justice, as determined by the US Department of the Treasury.