Consultancy Services - Overview
In today's global economy, business re-engineering, right-sizing, outsourcing, empowerment, flattened organizations and distributed processing are all changes that impact the way that business and governmental organizations operate. These changes are having, and will continue to have, profound implications for the management and operational control structures within organizations worldwide.
This makes it imperative for organizations or service providers to demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers. This is the reason why several standards have been formed, with the intention of providing authoritative guidance that allows service organizations to carry out their operations in a structured fashion.
By implementing one or more of these standards, the company can assure its customers, business partners as well as the governing bodies that it has tight and effective control over its operation; and that the likelihood of financial loss, operational failure or corruption of data is mitigated.
With the intention of helping companies in implementing and adhering to any of these International Standards, Sumeru has a suite of Consultancy services. Compliance Management and Training are also offered as part of our Consultancy Services.
Consultancy Services - ISO27001 - Introduction
ISO/IEC 27001 is a standard designed to ensure the selection of adequate and proportionate security controls to help you manage and protect your valuable information assets.
ISO/IEC 27001 requires that management:
- Systematically examines the organization's information security risks, taking account of the threats, vulnerabilities and impacts.
- Designs and implements a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that it deems unacceptable.
- Adopts an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.
Consultancy Services - ISO27001 - Why Sumeru
Sumeru is armed with several years of experience in auditing and implementing ISO 27001 programs.
As awareness and a 'correct' understanding of the ISO 27001 ISMS standard requirements are key factors in effective implementation and successful certification, we conduct comprehensive training workshops on this international security standard for the company's employees to achieve this goal.
Sumeru's ISMS certification criteria recommend that an organization adopt a process approach when it establishes, implements, operates, monitors, maintains and improves the effectiveness of its ISMS.
The benefit of adopting a process approach is that an organization can operate its ISMS effectively by managing the combinations of and interactions among processes, as well as controlling the links between each process.
Consultancy Services - ISO27001 - Methodology
Our security consultants carry out a Gap-Analysis as part of the Readiness Assessment to evaluate your organization's security policies, procedures, standards and organization structure against the ISO 27001 standard.
Extensive experience in ISO/IEC 27001 consulting and compliance management has allowed Sumeru to develop and follow a robust and comprehensive approach to post-certification compliance management which guarantees consistent adherence to the ISO/IEC 27001 standard.
We follow the four-step iterative 'Plan-Do-Check-Act' process when helping an organization implement the ISO 27001 standard at its premises. This helps ensure that the implementation takes place in a systematic manner, thus minimizing the possibility of setbacks or mistakes after the project kicks off.
ISO 20000 Introduction
IT Service Management (ITSM) is a process-based practice intended to align the delivery of information technology (IT) services with the needs of the enterprise, emphasizing benefits to customers. ITSM involves a paradigm shift from managing IT as stacks of individual components to focusing on the delivery of end-to-end services using best-practice process models.
ITIL (Information Technology Infrastructure Library) is a globally recognized collection of best practices for information technology (IT) service management. ITIL provides guidance on what should be done in order to offer users adequate IT Services to support their business processes.
ITIL certifications are available for individuals, but until recently there was no way for an IT organization to prove that it is working in line with the ITIL recommendations.
The ISO 20000 standard was conceived to fill this gap. Initiated by the two organizations itSMF and BSI (British Standards Institution), it is modeled upon the principles of ITIL and for the first time offers IT organizations the possibility of having their IT Service Management certified.
ISO 20000 does not offer specific advice on how to design the processes. It is rather a set of requirements which must be met in order to qualify for certification.
Why Sumeru for ISO20000
Sumeru conducts awareness sessions for the management and the team and helps them explore the journey to achieving ISO 20000 certification. The Sumeru team then defines the scope and timeline and launches the ISO 20000 initiative.
We help form the core IT Service Management team for implementing, monitoring and managing the IT Service Management process, and carry out an in-depth assessment of your current state compared to the ISO 20000 standard. Some specific advantages that Sumeru can offer for ISO 20000 certification are:
- Alignment of information technology services with business strategy.
- Creation of a formal framework for current service improvement projects.
- A benchmark-type comparison with best practices.
- Competitive advantage via the promotion of consistent and cost-effective services.
- A progressive ethos and culture, by requiring ownership and responsibility at all levels.
- Support for interchanging service providers and staff, by virtue of the creation of inter-enterprise operational processes.
- Reduction of risk, and thus cost, in terms of external service receipt.
- Support for major organizational changes, through the creation of a standard, consistent approach.
- Enhanced reputation and perception.
- A fundamental shift to proactive rather than reactive processes.
ISO20000 Methodology
ISO 20000 defines the requirements for an IT Service Management System. It sets out the main processes to deliver IT services effectively. As the standard itself aligns with ITIL, it specifies the following key process groups:
- Service Delivery Processes
- Relationship Processes
- Resolution Processes
- Release Process
- Control Processes
A project-based approach is adopted in implementing improvements to bridge the identified gaps, which helps you immensely in carrying out the implementation process. The improvements are constantly monitored.
Our Auditors would also conduct an Internal Audit to help your company prepare for the formal audit.
Introduction to CoBIT
In recent years, it has become increasingly evident that there is a need for a reference framework for security and control in IT.
COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and in developing appropriate IT governance and control in a company.
Why Sumeru for CoBIT
We follow a detailed approach to help your company not only in implementing COBIT in the organization but also in incorporating powerful control mechanisms into computers and networks, both hardware-based and software-based, thus automating organizational functions.
Sumeru's 'COBIT Implementation Program' follows an approach that first aims at familiarizing all the employees of the organization with the COBIT guidelines and obtaining their commitment to the policies laid out.
This enables the four COBIT domains of 'Plan and Organize', 'Acquire and Implement', 'Deliver and Support' and 'Monitor and Evaluate' to become ingrained within the organization.
Introduction to SOX
The Sarbanes-Oxley Act, which was sparked by dramatic corporate and accounting scandals, represents the most important securities legislation since the original federal securities laws of the 1930s.
SOX aims to restore investor confidence in financial reporting and public capital markets.
Broadly speaking, the Act's provisions have been built around the following principles:
- Integrity
- Independence
- Proper Oversight
- Accountability
- Strong Internal Controls
- Transparency
- Deterrence
SOX Methodology
Sumeru follows a step-by-step approach in helping your company comply with the regulations of the Sarbanes-Oxley Act, thus helping it benefit from better credit ratings.
We assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks.
We analyze the flow of transactions, including IT aspects, and identify points at which a misstatement could arise. We also evaluate company-level (entity-level) controls, which correspond to the components of the COSO framework. We perform a fraud risk assessment and evaluate the controls designed to prevent or detect fraud, including management override of controls. The controls over the period-end financial reporting process are also analyzed.
We then suggest the steps that need to be implemented and the changes that need to be carried out in the way your organization functions to ensure that it complies with the Sarbanes-Oxley Act regulations.
Introduction to SAS 70
If your organization provides services to an entity that have an effect on that entity's financial statements, you may be asked to provide a report on internal control for the benefit of the entity's management and its financial statement auditors. What type of audit should you be looking for? A SAS No. 70 audit will be your solution.
Statement on Auditing Standards No. 70 (SAS 70) is an internationally recognized auditing standard for service organizations.
SAS 70 Methodology
Working closely with the client's staff, Sumeru adopts a phased approach to SAS 70 implementation. The five stages are as follows:
- Planning and pre-assessment
- Identification and Definition of control objectives, both internal and external, in sync with the company's control environment.
- Documentation
- Design and execution of testing
- Reporting
Introduction to BCP DR
Business Continuity Management is a holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.
Why Sumeru for BCP DR
Sumeru helps your organization build a Business Continuity Management System (BCMS) based on the BS 25999-2 and DRII specifications, which embrace the Plan-Do-Check-Act (PDCA) cycle.
We carry out a Business Impact Analysis and Risk Assessment, and determine and select the Business Continuity Management strategies to be used to maintain the organization's business activities and processes through an interruption.
We also conduct training sessions for your employees to develop a 'Business Continuity' culture in the organization, which is vital to maintaining enthusiasm, readiness and effective response at all levels. If you so desire, Sumeru also provides certification support to help you obtain BS 25999 certification for your BCMS.
BCP DR Methodology
Sumeru follows the Business Continuity Management life cycle described in BS 25999-1. We help organizations build a Business Continuity Management System (BCMS) based on the BS 25999-2 specification for BCM.
A BCMS is defined as 'that part of the overall management system of the organization that establishes, implements, operates, monitors, reviews, maintains and improves business continuity'. This implies that the system has:
- A policy
- People with defined responsibility for BCM
- Management processes to support the policy
- A set of documentation, to provide evidence to the audit process
- Specific processes to support the BCM program
- Resources, including budget, time and facilities