InfoExpert also offers comprehensive support for introducing and upgrading an ISMS based on the latest revision of the ISO/IEC 27001:2013 standard. The latest revision stresses the identification of information security risks and the application of suitable measures to address them. This is an attempt to move away from the earlier formalist approach to certification, in which organizations adopted internal rules and procedures that simply copied the contents of the recommended controls (ISO 27002).
Evidence of this shift is the principle that, in the latest version of the standard, the identification of information assets, threats and vulnerabilities is no longer a precondition for identifying risk. The new approach to introducing an ISMS according to ISO 27001 fits well with InfoExpert's business portfolio, which emphasises a strategic approach, business processes and increasing the internal capacities of the customer's organization (IT Governance, Risk Management, Compliance: IT GRC). Clearly identified and documented business processes make it possible to determine the critical and risk points in information management and to apply adequate risk management measures.
Where compliance with the general quality management system (ISO 9001) was previously required as a form of business assurance, compliance with the information security management system (ISO 27001), documented in a Statement of Applicability (SOA), is also required today.
Alongside the requirements of business relationships, public institutions and businesses also have legal obligations regarding the protection of personal data and information security (laws on personal data protection, information security and privacy on the Internet), which can be met most efficiently by implementing the ISO 27001 standard.
Improving business processes in parallel with implementing the standard and developing internal capacities (including preparation for the international ISACA certification, CISA) ensures that measures are implemented in practice, that the adopted rules, procedures and instructions are feasible, and that the ISMS is sustained and continually improved (PDCA).
Requirements for the confidentiality, integrity and availability of information (CIA: confidentiality, integrity, availability) represent an important business segment today, and there is almost no agreement or contract that does not define obligations for information security management.
Unauthorised access to confidential information, or its loss, can have negative consequences for organizations, their business and the business of their clients. Recent events that have placed this issue among the top priorities of the governments of world powers demonstrate the importance of information security management.