Governance, Risk & Compliance Using ISO 27001, ISO 20000 & ISO 22301: Sharing the Leading Best Practices in One Project
Agenda
• Introduction
• The components of Good Governance
• ISO 27001 – Protecting the Information
• ISO 20000 – Ensuring the Best IT Service Management
• ISO 22301 – Ensuring the Continuity of the Business
• Checklist
• Conclusion
Importance of GRC
• GRC projects are a must for various reasons
• GRC has crossed V1 speed.
What is Governance?
• Governance is all about:
• Applying the best practices
• Ensuring proper control
• Effective and efficient management
• In a single sentence: it is the “Protection Umbrella”, which is the responsibility of Senior Management and the Board of Directors.
The Solution Explore Standards
Information Security and ISO 27001: The must-have standard.
What is ISO 27001?
• ISO 27001 is the standard for Information Security
• Two parts:
• ISO 27001: Specifications
• ISO 27002: Code of Practice
• Uniqueness of ISO 27001:
• Standard
• 114 Annex A controls
ISO 27000 Series
• Anxiously waiting for…
• 27000: Fundamentals and vocabulary
• 27001: ISMS auditable and certifiable requirements
• 27002: Replaced ISO 17799
• 27003: ISMS implementation guidelines
• 27004: ISMS measurement
• 27005: ISMS risk management
• 27006: Guide to the certification/registration process for accredited ISMS certification/registration bodies
• 27007: Guidance for those auditing Information Security Management Systems against ISO 27001
• 27031: Information security management guidelines for telecommunications
ITIL
• It is all about the ‘Service’
• IT is recognized as a ‘Service Provider’
• To be more specific, IT is the service provider to its customers, the business users
Deming Cycle
• William Edwards Deming (October 14, 1900 – December 20, 1993) was a statistician.
• Best known for his work in Japan.
• From 1950 onward he taught top management how to improve:
• Design (and thus service),
• Product quality,
• Testing and s