ISMS (Information Security Management System)

If you wish to implement the ISMS under the ISO/IEC 27001:2005 standard, eZone can draw up the company’s security policy, auditing assets and analysing the risks in order to carry out, based on threats, vulnerabilities and impacts, an assessment and subsequent risk management that will enable selection of the necessary controls to minimise existing risks of the controls applicable to the standard. In order to achieve this, the first step must be a diagnosis that shows the processes that intervene in the information security.

The reference framework used comprises the 11 areas of action defined by the Information Security Management Best Practices Code, identified in the ISO/IEC 27001:2005 standard. The purpose of the ISO/UNE 17799 standard is to yield a management system to organisations which permits them to dispose of the appropriate instruments to guarantee the security of their information.