A framework is a tool that enables organizations to establish a roadmap for reducing technology security risk that is well aligned with organizational and sector goals, considers legal/regulatory requirements and industry best practices, and reflects risk management priorities. The framework design is the key for organizations to move from Current State to Target State, with the ability to identify gaps and prioritize them based on risk assessment.

The ISO standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. This International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size, or nature.

IrisLogic Difference

ISO/IEC 27000 describes the vocabulary of information security management systems, referencing the information security management system family of standards (including ISO/IEC 27003[2], ISO/IEC 27004[3] and ISO/IEC 27005[4]), with related terms and definitions. The objective of the ISO framework is to provide a common platform for comparing divisions' technology risk readiness, policy/procedure implementation, and compliance with regulations. The ISO governance, risk, and compliance standard provides an out-of-the-box framework, focused on non-technology security controls, that is ready to implement. The framework is mapped to multiple IT security frameworks around the world and is globally accepted. IrisLogic experts have published on ISO 27001; please refer to the links below for further details. Links:

http://www.isaca.org/Journal/Blog/Lists/Posts/Post.aspx?ID=76
http://www.isaca.org/Journal/Past-Issues/2011/Volume-4/Pages/default.aspx

The other important aspect we ensure while implementing the ISO framework is the right scoping.

IrisLogic services include:

  • Implementing the framework, which includes project management and implementation
  • Performing gap assessment, remediation, pre-audit, and post-audit
  • Certifying ISO compliance (as per client request) with the help of certifying partners