
ISMS Inventory in Accordance with ISO/IEC 27001:2013

Security and Value of Information

Public trust and the confidence of customers and employees in a company’s integrity and performance are of paramount importance for corporate success. With regard to trust, information security is an integral part of meeting business and compliance requirements. Setting up an information security management system (ISMS) will help ensure the confidentiality, integrity and availability of information.

In order to gain insight into the maturity level of the ISMS processes and the associated measures in one’s own company, it is advisable to have an ISMS inventory in accordance with the international standard ISO/IEC 27001:2013 conducted by an independent testing company.

Approach

TÜV TRUST IT has developed a standardised approach to taking inventory, which enables target-performance comparisons and the identification and utilisation of optimisation potential, thus laying the foundation for further setting up an ISMS.

Assessing the Status Quo

Together with the persons responsible for the respective processes, TÜV TRUST IT conducts an ISMS inventory in the form of a workshop. In doing so, existing processes are analysed with regard to adequate safeguarding of the protection objectives (confidentiality, integrity, availability and authenticity). This analysis is conducted on the basis of the internationally recognised standard ISO/IEC 27001:2013, examining both the appropriateness and completeness of the implemented measures.

The status quo of the respective sectors is assessed, inter alia, by interviewing the persons responsible for processes, reviewing documents and examining business processes. For this purpose, TÜV TRUST IT provides a detailed schedule in advance as well as its own preliminary information on the test topics, the documents to be prepared and the contact persons to be involved in the inventory.

Reporting Unsolved Issues and Recommending Measures

Subsequent to the inventory, TÜV TRUST IT performs a gap analysis, pointing out unsolved issues, problem areas and potential for development in specific areas, and giving strategic recommendations. All identified deviations from the standards are substantiated with the applicable normative references.

[Figure: Maturity degree of the ISMS processes. Scale 0 to 100; axes: Context of the Organisation, Leadership, Planning, Support, Operation, Performance Evaluation, Improvement.]

At the customer’s request, TÜV TRUST IT will, on the basis of the inventory, deliver a rough estimate of the internal and external expenditures that are to be expected for implementing a certifiable ISMS.

Your Benefits

• Comprehensive inventory within a reasonable time frame and at economically appropriate cost

• Insight into the maturity degree of your ISMS processes and the associated measures

• Detailed result report on unsolved issues, problem areas and potential for improvement as well as strategic recommendations

• Low commitment of resources

• Well-established and continuously refined testing procedure

Maturity degree of the measurement objectives

TÜV TRUST IT GmbH
TÜV AUSTRIA Group
Waltherstraße 49–51
D-51069 Köln
Phone: +49 (0)221 969789 - 0
Fax: +49 (0)221 969789 -12

TÜV TRUST IT
TÜV AUSTRIA GmbH
TÜV AUSTRIA-Platz 1
A-2345 Brunn am Gebirge
Phone: +43 (0) 5 0454 - 1000
Fax: +43 (0) 5 0454 - 76245

[email protected]
www.it-tuv.com