ISO27001:2013 Security Objectives Presentation

Totemic Technology Ltd
Security Objectives Presentation
ISO27001:2013
Created: 25/11/2014 Last Updated:
25/11/2014 Version: 1.0 Approved: Duncan
Beddows Form No: 63 Company
Confidential
About Totemic Technology
Totemic Technology is the holding company for:
• Totemic Managed Solutions
• Firefly-Online
• Codesky Media
The group provides a variety of SaaS solutions
and applications, including contract & portfolio
management, collections & distributions, web
design, CPQ and debt management.
The ISO27001:2013 Journey
• We have a responsibility to our customers to
ensure that all information is held confidentially,
that its integrity is ensured, and that it is available to the
customer when required.
• As a result we have implemented an Information
Security Management System (ISMS) conforming
to the ISO27001:2013 standard.
• This is to meet contractual requirements and to assure
customers of the Company’s commitment to
maintaining the highest levels of security.
Context of Organization
There are various external issues facing Totemic
Technology with regard to information security:
• Customer expectations
• Legislation
• Market place changes
• Continual risks (attacks, hacking)
Interested Parties
The interested parties relevant to Totemic
Technology’s ISMS are:
• ICO – relevant to adherence to the Data
Protection Act 1998
• FCA
• Clients and key stakeholders (i.e. Totemic
Group)
Leadership & Commitment
• The CEO of Totemic Technology Limited
authorises the Company’s Information
Security Policy which is communicated to all
staff within the group.
• The ISMS is accessible to staff within the
group via the password controlled section of
the Totemic Technology website.
Information Security Resources
Information security resources, such as:
• Hardware
• Systems
• Software
• IPR
• Finance
will be made available and discussed at the
Company’s ISMS Management Reviews.
ISMS Communication
• Totemic Technology Ltd will communicate the
ISO27001:2013 system internally to all
employees and contractors requiring access to
either company assets or IT systems.
• Competence test results will be retained to
demonstrate the effectiveness of this
communication programme.
Promoting Effective Information Security
• Totemic Technology has issued a separate
presentation on data security for employees and
contractors alike.
• This presentation must be viewed by all staff
and is underpinned by a series of information
security competence tests.
Totemic ISMS Team
• Kevin Baker – TMSolutions Development
• Chris Boyle – TMSolutions Development
• Duncan Beddows – CEO Group
• Chloe Maxwell – TMSolutions Ops
• Matt Deleon – TMSolutions Development
• Marcus Haslam – Firefly Development
• Sharon Jenkinson – Firefly Ops
• Jordan Heppleston – Codesky
Totemic Technology Company Structure
• Chloe please detail:
The Team – Key Posts
CEO
• Authorises the information security policy
• Establishes the corporate commitment to
achieving certification to ISO27001:2013
• Reviews the performance of the ISMS at
scheduled ISO27001 Management Reviews
The Team – Key Posts
Operations Director
• Responsible for overseeing and maintaining
the ISMS and ISO27001 compliance on a daily basis to
ensure that the company remains compliant
at all times.
• Liaises with key stakeholders (Compliance,
central services, BSI, Parker BD).
The Team – Key Posts
Development Members
• Group responsibility for the technical controls
within the standard.
• Provide input on technical controls
(improvements, risks, policies, etc.).
ISMS Roles, Responsibilities &
Authorities
• The CEO is responsible for ensuring that
clearly defined information security roles,
responsibilities and authorities are established and
communicated within Totemic.
• The CEO will review the application of these
through a programme of internal audit.
Information Security Objectives
• The CEO of Totemic has set the following
goals and objectives with regard to the
Information Security Management System.
• Security objectives must:
– be consistent with the information security policy
– be measurable
– take account of identified risks
– be communicated
– be updated as appropriate
– identify the persons responsible for achieving them
Security Objectives Set
Reviewing The ISMS
• The ISMS will be reviewed at scheduled
management reviews.
• Objectives and targets will be assessed for
performance and achievement.
• Opportunities for continual improvement will
be identified.
Security is our business