Managing security and compliance through an Information Security and Management System

Using an holistic approach to managing ISO/IEC 27001, data protection, privacy and PCI DSS

Information Security Management SystemBy using a single system for the ongoing management of compliance, regulatory and legal information security obligations, overlapping requirements can be identified, efficiencies leveraged and greater visibility and assurance can be provided to the organization. To achieve this single point of management we advise adopting the internationally recognised ISO/IEC 27001 – Information Security Management System (ISMS) model.

This paper provides insight on how an Information Security Management System (ISMS) can be used to drive a holistic management approach for security standards and compliance obligations such as ISO 27001, PCI DSS and privacy.

Disclaimer

BSI is an accredited Certification Body for Management System Certification and Product certification. No BSI Group company may provide management system consultancy or product consultancy that could be in breach of accreditation requirements.

Clients who have received any form of management system consultancy or product consultancy from any BSI Group company are unable to have BSI certification services within a 2 year period following completion of consultancy.