Certification
Iris Maaß
Which Management of Information Systems to choose for my organization?
17/08/2015 Iris Maaß 2015

Contents
• Benefit of information management systems
• Significance of certification
• Overview of the central information management systems
• ISO 9001 Quality Management focusing on IT
• ISO 27001 Information Security Management System (ISMS)
• ISO 20000-1 Service Management System (SMS)
• ISO 22301 Business Continuity Management System (BCM)
• Decision-making aid: What standard is the right one for your company?
• Arguments for certification by TÜV NORD CERT
• What happens when you come to us
• Further information

Benefits of information management systems
• Quality and finances are managed, as are the company's important resources such as personnel, required material
• Similarly data security, risks and operational continuity must be managed as a major company resource.
• Data risks increase in proportion to the relocation of business onto the internet via online shops and to the extent external service providers are used (Cloud Computing, Outsourcing)
• Half of all hacking attacks worldwide are aimed at companies with a maximum of 2500 employees (not only large corporations are affected) [Symantec study]
• Anyone offering IT services externally (B2B or B2C) must ensure there is trust in his services

Significance of certification
• Any audit conducted by a neutral, independent organisation on your management system ensures the confidence of the market
• Our highly qualified auditors highlight both examples of best practice in your system and weak points, thus helping you to improve
• The decision to obtain certification signals within the company that implementation of the management system is a major concern to you
• When the date is set for certification this will mobilise the necessary forces to implement the management system completely and on schedule (overcoming inner resistance)

Overview of the possible standards relating to IT

| Focus | ISO 9001 | ISO 27001 | ISO 20000-1 | ISO 22301 |
|---|---|---|---|---|
| Management system | Yes | Yes | Yes | Yes |
| Accredited | Yes | Yes | Yes | Yes |
| Manual, CIP, goals | Yes | Yes | Yes | Yes |
| Statement to the outside | Quality | Data security | IT service quality | Business continuity |
| Customer requirement | General | Security | Service level agreements | Risk management |
| Regulatory requirements / data protection | Yes | Yes | - | - |

Overview of information management systems
• ISO 9001 certifies the fundamental structure of a management system based on customer orientation
• Certifications to ISO 27001, ISO 20000-1 and ISO 22301 represent specialisations with different points of focus.
• ISO 27001: Security of information including qualitative, operational, business continuity and IT service-related requirements; special consideration of risk management
  - Is the important foundation for the IT architecture
• ISO 20000-1 is the pure view of the IT services as a service process
• ISO 22301 focuses on the continuous business sequence and manages the critical business processes; the risks of operational interruptions are identified, examined and evaluated

ISO 27001 Information Security Management
• An Information Security Management System (ISMS) is that part of the whole management system which covers the following on the basis of a business risk approach:
  - the development,
  - implementation,
  - conduct,
  - surveillance,
  - review,
  - maintenance
  - and improvement of the information security

ISO 27001 Information Security Management System
• Good information is a major value added factor in the company
• Confidentiality, availability and integrity should be the basis for the evaluation of information
• Information is an asset (a precious value)
• An ISMS (Information Security Management System) counteracts risks and guarantees information security
• Alongside adverse influences, statutory, regulatory and contractual provisions are taken into account in the ISMS
• Certification is appropriate for all organisations and companies for whom IT and data possess a special value
• Certification can also proceed in combination with ISO 9001, ISO 20000-1 and/or ISO 22301

ISO 27001 Information Security Management System
Benefits of certification according to ISO 27001:
• Reveals weak points in the handling of information
• Sensitises employees and enhances risk awareness
• Minimises risks
• Creates confidence in the organisation, among customers, partners and investors

ISO 27001 native and BSI basic protection
• IT security can be considered from 2 angles:

| Accredited certification according to ISO 27001 (ISO 27001 native) | Approach of the Federal Office for Information Security (BSI basic protection) |
|---|---|
| Management-based view (top down), business-oriented approach | Component-based view (bottom up), approach specific to the authority |
| Procedures to guarantee the ISMS are determined by the organisation itself, evaluation according to risk methodology of the organisation | Formal procedure according to BSI 100-2: Introduction of all requirements according to BSI basic protection manual (rigid check list) |
| Certification by accredited certification body TÜV NORD CERT, certificate issued by TÜV NORD CERT | Audit by recognised and licensed auditor at TÜV NORD CERT; certificate issued by BSI |
| Recognised worldwide | Recognised in Germany |

ISO 27001 native and BSI basic protection
• Both approaches have their justification
• We recommend ISO 27001 native because it can be tailored to your needs in your company and the certificate is also recognised in international business transactions
• The ISMS Auditors at TÜV NORD CERT are licensed for both and can offer you both audits or a combination of the two

ISO 20000-1 Service Management System
• Internationally recognised standard defines the requirements for a professional IT Service Management System
• 80% of the IT budget is connected directly with the service processes → high cost relevance of efficient processes
• Enables organisations to measure objectively their capability to render services and make it comparable (benchmarking)
• Orientation of IT Services (in-house or external) towards the needs of customers or the requirements of the core business
• Reduction of operative risks and compliance with contractual assurances (Service Level Agreements)
• Integration of the process-based approach of the ISO systems with PDCA cycle and continuous improvement with the requirements for IT service processes

ISO 20000-1 Service Management System
• ISO 20000 helps assure high service quality in terms of cost efficiency and risk consideration
[Figure labels: Process efficiency; Coverage of risks; Cost efficiency; Best service quality]

ISO 22301 Business Continuity Management
• Formerly BS 25999-2
• This concerns maintenance of business operations despite serious impairment (power failure, pandemic, political events)
• Risk scenarios are developed to show how regular operation can be resumed in the shortest possible time after a break due to disruption
• Reduction of damage, threats
• Certification offers independent, qualified statement on efficiency and soundness of the contingency plans and restoration of business operations
• In addition information can be found in a Code of Practice according to BS 25999-1 (available from tsterzenbach@tuev-nord.de)

ISO 22301 Business Continuity Management
• Certification recommended for larger SMEs and large enterprises
• Important in particular where there is greater global networking of partners, suppliers and in the case of hived-off sub-processes
• Certification confirms the existence of a system for critical business processes in order to continue the system in exceptional cases
• Certainty concerning the validity of a company's own risk management
• Positioning as reliable business partner by certification to the outside world

What standard is the right one for your company?
ISO 9001: Focus on customer orientation and management system in general
  - Introduction to the subject of management systems
ISO 27001: For all companies where data handling plays a role
  - Service providers, IT companies, banks + insurance companies, trading companies, public institutions
ISO 20000-1: IT service providers, service centres within organisations
ISO 22301: SMEs or large companies from workforce of 2000 up, public utilities (power plants), all organisations where continuous business operations are of vital importance

Reasons for accredited certification
• Numerous voluntary quality marks flood the market
• Their scope is normally restricted to the German market
• Voluntary quality marks are normally only based on house standards (no accredited surveillance)
Benefits of international standards from this presentation:
• Worldwide recognition (International Standardization Organisation)
• Certifier TÜV NORD CERT is accredited
• Surveillance of certification by the accreditation body (DAkkS; German accreditation body which conducts the statutory surveillance for Germany)
• Internationally certification is subject to surveillance by accreditation bodies in Europe and worldwide acc. to same rules in every country → certification acc. to ISO standards is sounder

What happens when you come to us
1. Provisional offer by our Sales Department
2. If offer is accepted
3. A suitable auditor is assigned
4. You receive a written confirmation
5. Auditor contacts you to discuss a time frame for the certification, clarification of open questions
6. Despatch of an audit schedule approx. 4 weeks prior to audit date
7. Stage 1: For first certification, establishment of certifiability of your organisation with report
8. Stage 2: Audit in your company with report
9. Certification decision in the certification body
10. Issuance of a certification if result of audit is positive

Contact:
Iris Maaß
imaass@tuev-nord.de
Phone: +49 511 9986 2660

 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Choose the Right Management System

  • 1. Certification. Iris Maaß. Which Management of Information Systems to choose for my organization? 17/08/2015, Iris Maaß 2015
  • 2. Contents
      - Benefit of information management systems
      - Significance of certification
      - Overview of the central information management systems
      - ISO 9001 Quality Management focusing on IT
      - ISO 27001 Information Security Management System (ISMS)
      - ISO 20000-1 Service Management System (SMS)
      - ISO 22301 Business Continuity Management System (BCM)
      - Decision-making aid: What standard is the right one for your company?
      - Arguments for certification by TÜV NORD CERT
      - What happens when you come to us
      - Further information
  • 3. Benefits of information management systems
      - Quality and finances are managed, as are the company's important resources such as personnel, required material
      - Similarly data security, risks and operational continuity must be managed as a major company resource.
      - Data risks increase in proportion to the relocation of business onto the internet via online shops and to the extent external service providers are used (Cloud Computing, Outsourcing)
      - Half of all hacking attacks worldwide are aimed at companies with a maximum of 2500 employees (not only large corporations are affected) [Symantec study]
      - Anyone offering IT services externally (B2B or B2C) must ensure there is trust in his services
  • 4. Significance of certification
      - Any audit conducted by a neutral, independent organisation on your management system ensures the confidence of the market
      - Our highly qualified auditors highlight both examples of best practice in your system and weak points, thus helping you to improve
      - The decision to obtain certification signalises in the company that implementation of the management system is a major concern to you
      - When the date is set for certification this will mobilise the necessary forces to implement the management system completely and on schedule (overcoming inner resistance)
  • 5. Overview of the possible standards relating to IT

      | Focus | ISO 9001 | ISO 27001 | ISO 20000-1 | ISO 22301 |
      |---|---|---|---|---|
      | Management system | Yes | Yes | Yes | Yes |
      | Accredited | Yes | Yes | Yes | Yes |
      | Manual, CIP, goals | Yes | Yes | Yes | Yes |
      | Statement to the outside | Quality | Data security | IT service quality | Business continuity |
      | Customer requirement | General | Security | Service level agreements | Risk management |
      | Regulatory requirements / data protection | Yes | Yes | - | - |
  • 6. Overview of information management systems
      - ISO 9001 certifies the fundamental structure of a management system based on customer orientation
      - Certification to ISO 27001, 20000-1 and ISO 22301 represents specialisations with different points of focus.
      - ISO 27001: Security of information including qualitative, operational, business continuity and IT service-related requirements; special consideration of risk management
          - Is the important foundation for the IT architecture
      - ISO 20000-1 is the pure view of the IT services as a service process
      - ISO 22301 focuses on the continuous business sequence and manages the critical business processes; the risks of operational interruptions are identified, examined and evaluated
  • 7. ISO 27001 Information Security Management
      - An Information Security Management System (ISMS) is that part of the whole management system which covers the following on the basis of a business risk approach:
          - the development,
          - implementation,
          - conduct,
          - surveillance,
          - review,
          - maintenance
          - and improvement of the information security
  • 8. ISO 27001 Information Security Management System
      - Good information is a major value added factor in the company
      - Confidentiality, availability and integrity should be the basis for the evaluation of information
      - Information is an asset (a precious value)
      - An ISMS (Information Security Management System) counteracts risks and guarantees information security
      - Alongside adverse influences, statutory, regulatory and contractual provisions are taken into account in the ISMS
      - Certification is appropriate for all organisations and companies for whom IT and Data possess a special value
      - Certification can also proceed in combination with ISO 9001, ISO 20000-1 and/or ISO 22301
  • 9. ISO 27001 Information Security Management System
      Benefits of certification according to ISO 27001:
      - Reveals weak points in the handling of information
      - Sensitises employees and enhances risk awareness
      - Minimises risks
      - Creates confidence in the organisation, among customers, partners and investors
  • 10. ISO 27001 native and BSI basic protection
      - IT security can be considered from 2 angles:

      | Accredited certification according to ISO 27001 (ISO 27001 native) | Approach of the Federal Office for Information Security (BSI basic protection) |
      |---|---|
      | Management-based view (top down), business-oriented approach | Component-based view (bottom up), approach specific to the authority |
      | Procedures to guarantee the ISMS are determined by the organisation itself, evaluation according to risk methodology of the organisation | Formal procedure according to BSI 100-2: Introduction of all requirements according to BSI basic protection manual (rigid check list) |
      | Certification by accredited certification body TÜV NORD CERT, certificate issued by TÜV NORD CERT | Audit by recognised and licensed auditor at TÜV NORD CERT; certificate issued by BSI |
      | Recognised worldwide | Recognised in Germany |
  • 11. ISO 27001 native and BSI basic protection
      - Both approaches have their justification
      - We recommend ISO 27001 native because it can be tailored to your needs in your company and the certificate is also recognised in international business transactions
      - The ISMS Auditors at TÜV NORD CERT are licensed for both and can offer you both audits or a combination of the two
  • 12. ISO 20000-1 Service Management System
      - Internationally recognised standard defines the requirements for a professional IT Service Management System
      - 80% of the IT budget is connected directly with the service processes
          - high cost relevance of efficient processes
      - Enables organisations to measure objectively their capability to render services and make it comparable (benchmarking)
      - Orientation of IT Services (in-house or external) towards the needs of customers or the requirements of the core business
      - Reduction of operative risks and compliance with contractual assurances (Service Level Agreements)
      - Integration of the process-based approach of the ISO systems with PDCA cycle and continuous improvement with the requirements for IT service processes
  • 13. ISO 20000-1 Service Management System
      - ISO 20000 helps assure high service quality in terms of cost efficiency and risk consideration
      - Diagram labels: Process efficiency; Coverage of risks; Cost efficiency; Best service quality
  • 14. ISO 22301 Business Continuity Management
      - Formerly BS 25999-2
      - This concerns maintenance of business operations despite serious impairment (power failure, pandemic, political events)
      - Risk scenarios are developed to show how regular operation can be resumed in the shortest possible time after a break due to disruption
      - Reduction of damage, threats
      - Certification offers independent, qualified statement on efficiency and soundness of the contingency plans and restoration of business operations
      - In addition information can be found in a Code of Practice according to BS 25999-1 (available from tsterzenbach@tuev-nord.de)
  • 15. ISO 22301 Business Continuity Management
      - Certification recommended for larger SMEs and large enterprises
      - Important in particular where there is greater global networking of partners, suppliers and in the case of hived-off sub-processes
      - Certification confirms the existence of a system for critical business processes in order to continue the system in exceptional cases
      - Certainty concerning the validity of a company's own risk management
      - Positioning as reliable business partner by certification to the outside world
  • 16. What standard is the right one for your company?
      - ISO 9001: Focus on customer orientation and management system in general
          - Introduction to the subject of management systems
      - ISO 27001: For all companies where data handling plays a role
          - Service providers, IT companies, banks + insurance companies, trading companies, public institutions
      - ISO 20000-1: IT service providers, service centres within organisations
      - ISO 22301: SMEs or large companies from workforce of 2000 up, public utilities (power plants), all organisations where continuous business operations are of vital importance
  • 17. Reasons for accredited certification
      - Numerous voluntary quality marks flood the market
      - Their scope is normally restricted to the German market
      - Voluntary quality marks are normally only based on house standards (no accredited surveillance)
      Benefits of international standards from this presentation:
      - Worldwide recognition (International Standardization Organisation)
      - Certifier TÜV NORD CERT is accredited
      - Surveillance of certification by the accreditation body (DAkkS; German accreditation body which conducts the statutory surveillance for Germany)
      - Internationally certification is subject to surveillance by accreditation bodies in Europe and worldwide acc. to same rules in every country
          - certification acc. to ISO standards is sounder
  • 18. What happens when you come to us
      1. Provisional offer by our Sales Department
      2. If offer is accepted
      3. A suitable auditor is assigned
      4. You receive a written confirmation
      5. Auditor contacts you to discuss a time frame for the certification, clarification of open questions
      6. Despatch of an audit schedule approx. 4 weeks prior to audit date
      7. Stage 1: For first certification, establishment of certifiability of your organisation with report
      8. Stage 2: Audit in your company with report
      9. Certification decision in the certification body
      10. Issuance of a certification if result of audit is positive
  • 19. Contact: Iris Maaß, imaass@tuev-nord.de, Phone: +49 511 9986 2660