ISMS (information security management system) ISO/IEC 27001 Registration (ISO 27001) Protocol
The registration protocol encompass three phases:
Note: The organization is given up to 90 days to resolve any AR or RA.
- Initial Stage: Completion of the application questionnaire and initial investigation to assure that the assessment - audit is viable and feasible. A
quote with term of agreement is sent for the organization to review and decide, once the assessment is viable and feasible.
- Phase I - This portion of the assessment protocol is to assure that the organization addresses legal obligations, regulatory requirements and
contractual agreement in a manner consistent with current ISMS ISO / IEC 27001 or equivalency by reviewing the implementation stage, statement of
applicability (and any exclusions). This phase provides a 1st step provides for a conformity assessment (adequacy) as readiness to advance to the Phase II assessment (assess the level of readiness of the
organization for Phase II). The deliverable is a report applying current ISMS ISO / IEC 27001 to ascertain provisions for legal obligations, regulatory requirements and contractual agreement.
- Phase II - Is to ascertain that the organization's processes and activities fulfill the ISMS meets legal obligations, regulatory requirements and contractual agreement (and consumer expectations) applying
current ISO / IEC 27001. The deliverables are (a) a detailed report of the appropriateness and effectiveness of the ISMS and will address any Request for Action (RA), Action Request (AR) and
Observation (OBS), and (b) to recommend (or not if a RA is present) the organization to an ISMS ISO / IEC 27001 Certificate of Registration.
Benefits, BRS ISMS:
- Provides demonstrable competence through impartiality resulting in consumer confidence,
- Organization has the freedom to demonstrate competence in protecting community and consumers,
- Reassures consumers, employees and other stakeholders that the controls to secure information are valid
- Identify threats and identify controls to assure prevention, elimination, reduction and mitigation (P|E|R|M),
- Provides a basis to manage legal obligations, regulatory requirements and contractual requirements,
- Effective Business Continuity strategy,
- Demonstrates credibility and trust,
- Appropriate controls to protect financial information, intellectual property and protection from loss, theft and damage,
- Ability to gain a business advantage as contractual requirement or expectation,
- Can lead to cost savings as a single breach of information can entail significant costs,
- Set forth enforceable policies throughout the organization
Assessment is undertaken by BRS and the organization must demonstrate competence in managing contemporary
ISMS. The ISMS ISO / IEC 27001 Certificate of Registration is fundamentally based on fulfillment of legal obligations, regulatory compliance and contractual requirements for the purpose to protect communities and
consumers. BRS certifications are backed by accreditation of public trust authoritatively empowerment by the State Government entrusted through the Attorney General Department of Justice, as determined by the US
Department of the Treasury.