ISO 27001

ISMS (BS 7799-1)

Information Security Management System

  • ISO/IEC 17799
  • ISO/IEC 27001

Both of these standards specify the requirements for an Information Security Management System and are based on the British Standard BS 7799, which is made up of two parts:

  • guidelines for information security 
  • specifications for information security systems

BS 7799-1 was a standard issued in 1995 to provide guidance on controlling information security in large, medium and small organizations, including government administration. The 1999 revision took account of the latest developments in the use of information processing technology, especially in the area of networks and communications. It also places greater emphasis on integrating information security into the enterprise and on accountability for information security.

The standard can be used as a basis from which, for example, it is possible to derive company policy or inter-company business agreements. It should not be quoted as a specification, and special care should be taken to ensure that the requirements for compliance with its provisions are not stated incorrectly. It is expected that the enforcement of its provisions is entrusted to suitably qualified and experienced persons.

Reasons for implementing an information security management system:

  • information security
  • streamlining information flows in a company
  • personal data protection (Act No. 101/2000 Coll.)
  • profit organizations (companies) – reliable information security is closely tied to the organization’s existence and always leads to a better market position
  • criminal liability under Section 178 of the Criminal Code (unauthorized handling of personal data)
  • public administration organizations – they proceed pursuant to the implementation requirements of the ISVS (Information System of Public Administration) according to Act No. 365/2000 Coll. or 517/2002 Coll.
  • the increasing amount of information processed, the automation of its processing and the influence of other laws and decrees

During these activities, it is essential to ensure:

  • information is readily available
  • unwanted modification of information is avoided
  • misuse of information is prevented
  • loss of information is prevented

Implementing the system:

  • defining the information security policy
  • identifying, evaluating and classifying information assets
  • determining the level of security
  • determining the scope of applicability
  • determining the manner in which information risks are managed
  • implementing the system
  • certification by an independent accredited company

Information security policy:

  • the company management’s commitment to protect information and the manner in which it is processed
  • the main principles of working with information and how it is secured
  • the consequences of violating the information policy

SUSS Consulting s.r.o. has been operating on the market since 1997 and is an experienced consulting organization that offers a wide range of services to its customers. The main activity of the company is the implementation of quality systems and the preparation of clients for certification according to international standards. We also deal with process mapping and subsequent process analysis, in order to simplify processes, reduce costs and increase efficiency in companies.

Company headquarters

Vinohradská 939/39
120 00 Prague 2

Phone

tel.: +420 241 411 300
fax: +420 241 410 678

E-mail

suss@suss.cz

IČ: 251 33 781
DIČ: CZ251 33 781

The company is registered at the Municipal Court in Prague, Section C, Insert 52502.