ISMSRAT

What is an Information Security Management System?
Information Security Management (ISM) is concerned with assessing, identifying and treating security risks to business information, and to reduce those risks to an acceptable level through the implementation of security controls. It is important that the approach taken to ISM is appropriate to the business, and that the selected security controls are operationally effective in supporting business information processing.
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. ISO/BSI published a code of practice for these systems, which has now been adopted internationally as ISO/IEC 27001:2005.
ISM projects are often carried out with the objective of achieving compliance / formal certification against BS 7799 / ISO 27001, either for competitive advantage, or to meet customer, supplier or other third party assurance requirements.
Sanras ISMS – RAT (Documentation / Risk Analysis Tool)
The ISMS-RAT application is a result of research and feedback attained from Lead Auditors, ISMS Lead Auditors Trainers and some Senior Level executives of the Companies in the process of implementation of ISMS under ISO/IEC 27001.
Objective
Main Objective of the applications is to assist in the implementation of ISMS by offering a seamless set of procedures, policies, controls and assessment techniques with ease of use.
Prospective Market
ISMS-RAT is a software tool to help the organization to implement ISMS in their organization (commercial enterprises, government agencies, non-profit organization).
Organisations who are planning or have just completed the training of their team and are ready to implement.
Organisations practicing ISMS .
Organisations who want to upgrade from BS7799 to ISO/IEC27001:2005
Here are some key features of "ISMSRAT":
ï¿­ Listing Of Security Controls as per ISO/IEC 27001
ï¿­ Complete classification of Assets based on Information ,Software ,Service , Physical , Owner and Others
ï¿­ Listing of mandatory procedures, policies , records , reports , assessment methodology and scope to be documented in the ISMS document
ï¿­ Listing of mandatory procedures, policies , records , reports , assessment methodology and scope to be documented in the ISMS document
ï¿­ Listing of major vulnerabilities & threats which the organisation may be susceptible to
ï¿­ Traceability of Documents based on clause , control , owner , storage type and place of storage
ï¿­ Auto generation of SOA as per ISO/IEC 27001 requirement.
ï¿­ Risk Assessment based on the Confidentiality , Integrity and Availability of Information
ï¿­ Risk Treatment plan by enabling the user to automatically choose appropriate security controls to minimize the risk to expected value.
ï¿­ Preparation of Auditors checklist
ï¿­ Update of any item like Assets , Threat , Venerability
ï¿­ Review of Security Controls being practiced
ï¿­ Extremely user friendly and extremely open for modification/updation /addition
ï¿­ Classified Inventory of assets concerning to information security
ï¿­ Risk assessment
ï¿­ Risk treatment plan based on automated selection of controls in compliance with ISO/IEC270001:2005
ï¿­ Generation of Statement of applicability (SAO) which is the mandatory requirement to implement ISMS (Clause 4.3.1(i).
ï¿­ ISMS document traceability
ï¿­ Bring down the cost & time of ISMS Implementation