Approach to ISO 27001


Project Approach

With the wrong approach you will set back your ISO registration by a year or more, misunderstand the whole point and cause substantial amounts of extra work.


Unfortunately, there are many consultants out there who don’t understand this either, and they are the source of the misdirection. ISO 27001 is a management system standard. Its goal is to enhance information security, but the way it does so is to build a management system that ensures success. It is NOT about information security controls and protecting information. Well, obviously it is about these things but only in outcome terms – not in terms of process.

 

Too many organizations pass the ISO 27001 project to the information security or IT organizations. Or a consultant is sought with expertise in information security. Typically these sources will focus on technical and security aspects of information security and spend a lot of time and money reviewing your security status, conducting tests and designing solutions. While this is definitely part of the program, it is NOT what ISO 27001 is about and it won't get you registered. Further, this is the most expensive part of information security and takes the most time. Delays and cost are a turn-off to top management.

 

The whole philosophy behind ISO 27001 is that you establish processes within your organization so that you understand your information security situation and what that means in risk terms, that you communicate it clearly to those ultimately responsible, and that you take only the actions that you want to. That is it. It is not about physical security, network scanners or patching processes. If any of these are good ideas in your organization, the management system will identify them, quantify what that means and allow those responsible to work out the risk-return decision.

 

Addressing the controls can often take years and you don’t need to have done that to get ISO 27001 registered. If you start from the management system direction you can be ISO registered in a few months and have ever-improving information security from then on. The consultants who can do this best are those with more ISO experience than security experience. If your consultant is pressing for too much security then you probably have a long wait and a lot more effort to go before you get ISO registered. Our expertise is in processes and management systems and in the careful and precise interpretation of standards and regulatory requirements into organizational processes and management systems. We guarantee successful ISO registration when we take on projects.

Reasons to Choose Us

TuxCentrix is a Trusted Name in InfoSec Consultancy
Founded in 2006, TuxCentrix Consultancy Pvt. Ltd, headquartered in Cochin (Kerala, India), provides a broad range of Information Security Services to its clients.
TuxCentrix Provides a Total Solution in the Information Security Domain
TuxCentrix provides a comprehensive range of services and solutions in information security, from risk assessment to deployment and continuous assessment. We assist organizations to identify and evaluate information security risks through security reviews, assessment, security audits and penetration testing, and to design and implement security solutions to mitigate risks through strategic Information Security Management System implementation.
TuxCentrix Has Extensive Experience
We have extensive experience in information security, and our committed team of highly skilled professionals ensures accurate implementation of information security solutions.

Special Services

  •  Secure Network Engineering
    Secure networks are crucial for IT systems and their proper operation, as most applications work in a networked environment and closely depend on its performance, reliability and security. Improper network design can be very expensive for a company because of loss of business continuity, security incidents, the cost of network rebuilding, etc. We help you to design and implement secure networks.
  •  Wireless Device Control
    Wireless devices are a convenient vector for attackers to maintain long-term access into a target environment. Major thefts of data have been initiated by attackers who have gained wireless access to organizations from outside the physical building. TuxCentrix provides solutions to secure your wireless networks.
  •  Secure Configuration for Firewalls
    The approach to firewall configuration taken by our experienced firewall experts provides the greatest security.