Certification of Information Security Management Systems (ISMS) according to MSZ ISO/IEC 27001:2014
Steps of certification procedures
The security of information is a "sensitive point" at many companies. A small gap in the information security system can often be an opening for attacks that may shake the company to its foundations. The World Wide Web, electronic trade, industrial espionage, global virus attacks or simply international catastrophes have made the need for high-level information security management systems dramatically obvious.
Information is an asset that has value and that, like other important business assets, the organisation has to protect properly. Information security protects information against a range of threats in order to ensure business continuity, minimise business damage and maximise business opportunities and the return on investments.
Information security safeguards the:
a) confidentiality of information: ensures that only authorized persons have access to the information;
b) integrity of information: protects the accuracy and completeness of the information and its processing methods;
c) availability of information: ensures that authorized persons can actually access the required information and that the necessary equipment is at their disposal.
Topics, security measures and methods related to information security can be classified into groups in many ways according to different criteria, for example:
- Data protection: rules, processes and solutions to protect the data of information systems against loss or damage and to ensure the continual availability of data. (The main consideration here is to maintain the reliable operational security of information systems.)
- Data security: rules, processes and solutions preventing unauthorized access to the data of information systems or malicious, wilful damage to information systems.
In general, security can be considered satisfactory if the cost and the method of the protection, as well as the risk of damage (value of loss × probability of occurrence), are below a tolerable limit. However, it must be emphasized that not only the sum but also the methods of the protection are important: the protection shall be realised completely and exclusively. The tolerable risk defines the rate of investment, which can be determined on the basis of the tolerable limit indicated in a risk matrix. This limit shall be defined individually for each organisation in the course of examining its information security.
The information security management system preserves confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed.
The adoption of an information security management system is a strategic decision for an organization.
Scope: It is intended to be applicable to all organizations, regardless of type, size or nature.
Where shall an information security management system be implemented and certified?
- IT and telecommunications companies that carry out software development and prepare information and telecommunication projects.
- Financial, administrative organisations, authorities, energy and insurance companies that handle the personal data of their customers.
- Security companies that deal with property protection, defense and guarding technology.
- Logistics companies that communicate with their customers electronically.
- Health institutions that provide health care.
- Suppliers (e.g. cleaning, transportation companies).
Advantages of a management system operated and certified according to MSZ EN ISO/IEC 27001:2014:
- obtaining new business where procurement regulations explicitly require certification;
- obtaining customer confidence by protecting personal information and reducing risks;
- providing business continuity by implementing a system which can significantly reduce costs in the long term and will be available in critical moments as well;
- High Level Structure (HLS): a common structure for all management system standards, making it easier to integrate with other management systems (ISO 9001, ISO 14001).
What shall you do if you want to be our client?
If you are interested in our offer, you can obtain the necessary information from one of our certification managers using the contact details below. Alternatively, please fill out our "Request for Quotation" form and send it to us. We will gladly welcome you among our clients and will send you a customized quotation in reply.
Contact persons:
Mr. Viktor Szücs
tel: 06 1 456-6983
e-mail: v.szucs"at"mszt.hu
Mr. Levente Biacsi
certification manager
phone: (+36)-1-456-6930
e-mail: l.biacsi"at"mszt.hu
Ms. Zsuzsanna Kéki
phone: 06 1 456-6929
e-mail: zs.keki"at"mszt.hu