Implementation of the Standard
NBR ISO/IEC 27001:2013
In recent years, interest in adapting computerized environments through the implementation of security controls has grown significantly.
Research indicates the investment trends for the coming years, among them the improvement of risk management, the implementation of tools and processes to avoid information leakage, and information security awareness.
The surveys also note that more than 8% of the participants have formally implemented and certified an Information Security Management System (ISMS) and that, on average, 17% are in the implementation phase.
Most interesting is that approximately 32% do not yet have an ISMS but are considering its development and implementation.
AuditSafe uses its own Structured Information Security Method, called MESI, for the development of its services, and focuses on addressing security aspects related to the human (people), technological, internal and procedural (rules and procedures) factors.
This method provides a systematic process for the implementation of an ISMS based on the NBR ISO/IEC 27001:2013 standard. It is also used in the definition of the scope, in process mapping, in the visualization of the current situation of the risks, in the elaboration of its structural documents (policies, norms and procedures), in the definition of the metrics, and in the planning of the activities or the implementation project.
Choosing an appropriate method for implementing an ISMS is important, as it helps address issues related to threats to the confidentiality, integrity and availability of corporate information, and directs efforts, investments, technologies and human resources.