Friends, every industry wants to keep its information secure at any cost. This is where the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) come in: they certify organizations against the Information Security Management System (ISMS) standard. ISO follows the 114 ISMS standard controls, which need to be audited and approved before the ISO certificate is issued. These are the standards we have to follow, keeping records of information as it passes from point to point within the organization and as it goes outside the organization. These standard controls are authorised by the global ISO standards team. Here we are going to explain, in short, how to get the required policies in place in your organization, how to apply for the certificate, and what the audit process looks like.
Basically, it is about maintaining logs, documented records and evidence in a proper process, defined by the ISO standards and followed within the organisation, to avoid a leak of important information. Before going ahead, you have to understand and study why your management wants to go for this certificate and how it will help your organization build a reputation in the global market, because only with that purpose clear can you and your management achieve the right ISO certification goal. Your organization will have to spend a little more on the requirements, documentation and auditing process, so keep all this in mind and agree it with management so that the ISO audit flows smoothly. Most ISO audits fail because the above points are not explained and discussed with management, which makes things more complicated and makes it harder to get approved for certification. The ISMS standard controls are not mandatory to implement, but where we do not implement a control we have to justify it with a proper, documented risk-acceptance reason for why we are unable to implement it in our organization.
The process to apply for the ISO certificate is simple. We have to follow the 114 ISMS standard controls in every department of the organization: Accounts & Finance, Human Resources, Information Technology, Marketing & Sales, Administration and the remaining working staff. First, set up an ISO committee within the organization with people from every department. Then plan: what are you currently doing to control the flow of security information in and out, and what additionally needs to be implemented as per the ISO standard? Once the plan is ready, the next step is to implement the requirements and record them. Once the requirements are in place, we have to keep monitoring them, review them and maintain documented forms and reports as evidence for the audit review. Finally, with everything set as per the ISMS standard controls, we have to keep track of every control and keep records of every activity in the standard forms and formats.
Once all your ISO requirements are in place, you can apply for the audit process, which is carried out by globally authorised ISO companies called certification bodies. These bodies do the ISO audit in two visits. In the first visit they check whether the 114 ISMS standard controls are followed or not; for anything that is missing they raise a non-conformity (NC) and ask us for a timeline to implement it before the final audit. Once the points from the first audit are done, both those for which we accepted the risk and those we implemented, we can ask the certification body for the final audit. And once the final audit is up to the mark, you are certified and receive the ISO certificate.
There are many more detailed points in the ISO ISMS standard which we have not discussed here; we just want to give you a simple idea and the confidence not to be scared of ISO certification, and to go into it with a free mind. There are many pre-auditors in the market who help and guide you through the documentation and the standard process.
We will share a copy of the 114 ISMS standard controls with you on request. Please email us at email@example.com to discuss the subject further, and leave your comments below. Thank you for reading…