– SSAE16 ISMS –
Most people know one ISO standard or another from everyday life; the ISO 9000 and 9001 quality management certifications are most likely the ones people are somewhat familiar with today.
Within information security, the ISO/IEC 27001 ISMS is the de facto standard, and SSAE16 is a great step in the right direction towards building an ISMS.
Like most other ISMS standards, it reaches widely into the business of any company implementing it, since information security today touches most departments and functions in our everyday life.
Here are a few thoughts for those of you who are considering, or already hold, an older certification under the ISO/IEC 27001:2005 ISMS standard requirements, and instead wish to implement the SSAE16 ISMS standard.
There are a myriad of other issues that need to be addressed in preparation of an ISMS.
However, the considerations above will hopefully give you a little insight into the many aspects that a company should consider before either initiating a renewal of an existing ISO/IEC 27001 ISMS or SSAE16 standard statement, to obtain certification based on the new regulations, or starting to build a brand new Information Security Management System.
We can help your company get started, and either prepare the entire set of documentation for you, based on interviews, analysis and data collection, or perform the same task in cooperation with the departments involved in the project.
Most of our clients also ask us to assist in implementing the standard after all of the existing data has been rewritten. In such cases our clients act as reviewers, testing that what we have written actually works and will therefore be approved during an IT audit.
Please do not hesitate to contact us for further information about preparing your organization for SSAE16 ISMS.