How to reach us: 800.507.4517 info@hotskills-inc.com


HotSkills launches Orange Parachute!
Orange Parachute specializes in ISO 27001 certification and information security program evaluation, design and implementation.

ISO 27002 Implementation

Financial Services Organization - Regulatory

Background

The client was the information security department of a large semi-governmental financial organization with a presence throughout the country. The organization is responsible for implementing monetary policy and for regulating financial institutions throughout the United States.

The information security department wanted third-party validation of the information security services it provided to the organization.

An internationally recognized information security certification such as BS 7799 would complement the ISO 9001 quality certification that the department's security processes already held.

Implementing an Information Security Management System (ISMS) based on the ISO 27002 code of practice would allow the organization to attain certification to BS 7799-2, the certifiable ISMS specification of that era (ISO 27002 itself is a catalogue of controls, not a certifiable standard).

The Challenge

The information security department already had sophisticated and mature information security practices in place. The significant challenge was therefore one of scoping: the ISMS had to be bounded around a business function distributed across the country, rather than around a set of information assets held within a single span of control such as a data center.

The Solution

With most of the documentation already in existence, the project was a scoping and mapping exercise between the existing de facto ISMS and the ISO 27002/BS 7799-2 requirements. Final documentation included:

  • A scope document detailing the information security department's functions and how they relate to the organization's infrastructure.
    • This clarified the department's functional span of control.
  • A BS 7799-2 Statement of Applicability mapping the standard's controls to the department's implemented controls, with the justification for including or excluding each, for use in the formal certification and registration audit.

The Result

  • Implementation of an ISO 27002 (formerly ISO 17799) Information Security Management System.
  • Certification and registration to the BS 7799-2 information security management standard.
  • Third-party validation of the information security department's practices.
  • Subsequent upgrade of the certification to ISO 27001, which superseded BS 7799-2.