ISO/IEC 20000 IT SERVICE MANAGEMENT READINESS ASSESSMENT
ISO/IEC 20000 is the first international standard for IT Service Management (ITSM), and is the only auditable International Standard which defines the requirements for an IT Service Management system. The standard promotes the adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements. In a global marketplace, formal standards provide a common and consistent platform for organisations to work towards.
Any organisation that wants to be formally certified against the scheme will need to be assessed by an itSMF Registered Certification Body (RCB). Once the requirements of ISO/IEC 20000 have been satisfied, the RCB will issue a certificate of conformance and the organisation will be eligible to use the itSMF ISO/IEC 20000 logo as a sign of their achievement.
Pink Elephant’s ISO/IEC 20000 Readiness Assessment is designed to be an objective survey of the level of readiness of an organisation for the formal certification process, and to measure the quality of your Service Management processes against the requirements defined by the ISO/IEC 20000 international standard in Service Management. This is a useful pre-audit exercise which highlights areas of non-conformance which need to be addressed to achieve formal accreditation.
Through structured interviews with operational and strategic personnel, we build a view of your IT service management group and how the activities they undertake align with those defined as required by ISO/IEC 20000, after which we perform a Gap Analysis to highlight priority areas as mandated by the standard. This gives you the opportunity to direct the focus of IT to the areas of the standard that require redressing before formal assessment and certification are undertaken.
ISO/IEC 27001 READINESS ASSESSMENT
ISO 27001 (formerly BS7799) is recognised as the standard for information security management. It provides a framework to minimise the threats to information and communication technology assets and the business
Most organisations already have a number of information security policies and controls in place, yet these tend to be fragmented and are often based on generic threats or past security incidents.
A formal Readiness Assessment is not a requirement of certification to the ISO/IEC 27001 Standard, but it can be helpful in assisting your organisation to prepare for initial certification.
The intention of the assessment is to save the organisation time and money by identifying deficiencies in its Information Security Management System (ISMS) before seeking Certification to the ISO/IEC 27001 Standard.
LET US HELP YOU ACHIEVE COMPLIANCE
Pink Elephant consultants have been helping customers comply with State and Federal business and privacy regulations for more than a decade. Working as either a full-service consultant, or as an adjunct to your in-house teams, Pink Elephant will execute our phased compliance readiness process to ensure that the business meets or exceeds your compliance requirements.
- Creating a comprehensive information security policy.
- Performing an audit to determine current level of regulatory compliance.
- Providing remediation for vulnerabilities detected on your systems.
- Advising your company on specific steps needed to achieve compliance.
- Deploying security infrastructure to encrypt email messages automatically.
- Encrypting your company’s laptops and other mobile devices.
- Securing your primary security infrastructure, including firewalls, VPN access, anti-phishing, and tools to protect against malicious code.
PINK ELEPHANT APPROACH
Pink Elephant provide support and guidance in the achievement of the ISO/IEC 27001 quality standard through the following approach:
VISION: WHERE DO WE WANT TO BE?
Our Consultants will assist you in:
- Defining the proposed scope of your ISO/IEC 27001 project
- Creation of your ISO/IEC 27001 scoping statement
- Defining the Communication and Training Strategy
- Starting you on the journey that is ISO/IEC 27001, which at its core is continuous process improvement
ISO 27001 ASSESSMENT: WHERE ARE WE NOW?
Our Consultants will provide:
- A ‘current state’ ISO 27001 Assessment against the ISO/IEC 27001 standard
- An inventory of non-compliances to be corrected before formal certification should be considered
PLAN: HOW WILL WE GET THERE?
The provision of:
- Professional programme and project management
- Prioritisation of non-compliance activities
- A practical approach and plans for obtaining ISO/IEC 27001 accreditation
BUILD & TRANSITION: HOW WILL WE REALISE OUR VISION?
We will assist you with:
- The design, creation or improvement of your processes and security controls in line with the standard
- The successful implementation and integration of:
- Coaching and mentoring support for the people involved
- On-going support through the formal assessment process by the Registered Certification Body (RCB)
CONTROL: HOW CAN WE KEEP YOU ON TRACK?
- Expert advice, coaching and mentoring
- Continued assessment and assistance to help support the continual improvement requirements as mandated by ISO/IEC 27001 Certification
WHO MUST COMPLY:
Certified compliance with ISO/IEC 27001 by an accredited and respected certification body is entirely optional but is increasingly being demanded from suppliers and business partners by organisations that are (quite rightly!) concerned about the security of their information, and about information security throughout the supply chain or network.