ISO27001 Certification and ITIL adoption

Adapted from the British Standards Institute (BSI) BS 7799, which was originally written by the Department of Trade and Industry (DTI), ISO 27001:2005 contains 134 controls organised into 12 main sections and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS).

As information, whether electronic or hard copy, becomes more prolific within organisations, the risk and business impact of its loss or corruption also increase. Gaining compliance with ISO 27001:2005 affirms that your organisation has established, and can demonstrate, that the confidentiality, integrity and availability of information are adequately addressed, providing:

  • A common organisational security objective and standard
  • Identification and clarification of existing information security management processes
  • Effective management of security incidents and risks
  • Confidence to existing and prospective customer base
  • A competitive advantage and market differentiator over competitors

Moreover, information security is now an important factor in the selection of service providers for most organisations, particularly those within the finance, health, public and IT sectors, and will soon become a contractual or service level agreement requirement.

ISO 27001:2005 is aligned with both the ISO 9001 (quality management systems) and ISO 14001 (environmental management systems) standards. The three standards share system elements and principles, including adoption of the Plan, Do, Check, Act cyclic process.

Fairland assist clients to initiate, create and maintain an ISO 27001:2005 ISMS and to provide training and awareness for staff, fully supporting the organisation throughout the implementation process.

Fairland also consult on and assist in the creation of policies and procedures, working with all relevant internal departments, to provide a solution that suits the organisation and enables staff to operate with a full understanding of the standard's requirements, the type of information to secure and how they should report incidents.

As part of this process, Fairland perform a comprehensive review of your existing security processes and procedures, including levels of information security risk, and compare them to those required by ISO 27001:2005. The results form the basis for a gap analysis and risk assessment, which can be developed into a comprehensive programme for cyclic improvement.

The final step is to demonstrate to an independent auditor that your internal controls meet corporate governance and business continuity requirements. Fairland’s consultants can guide your organisation through the process of gaining certification and remain involved throughout, which can prove invaluable.

ITIL
ITIL best practice aims to help organisations improve the way in which they deliver IT services to their customers. It is the only industry standard model for IT service provision and provides guidelines, criteria, questions and answers and standard implementation plans for delivering Service Management. It is supported by a qualification and training structure to recognise professional competence in IT Service Management.

ITIL adopts a process-driven approach, which is scalable to fit both large and small IT organisations through deployment of closely related and highly integrated processes.

Best practice guidance and more detailed information on the individual Service Management processes can be found in the appropriate sections of the Service Support and Service Delivery books. The complete range of ITIL and BSI publications is available from the IT Service Management Forum (itSMF).

When implemented, Service Management will provide the following business benefits:

  • Supports a sound IT investment strategy
  • IT services are managed to meet specified availability targets
  • Achieves a specific, consistent, measurable level of service
  • Higher user productivity, from a decrease in downtime
  • Fewer quality problems caused by Changes
  • Less risk of problems caused by lack of capacity
  • Being able to recover IT systems in a controlled way
  • Better control of IT assets

Fairland Consultants have vast experience of reviewing, recommending and implementing the aspects of ITIL appropriate to client-specific requirements, not implementing ITIL for its own sake. Please contact us for an initial discussion.