Datasec - IT Security & Control

RICOH
Implementation and Accreditation of an Information Security Management System (ISMS) - ISO 27001:2005 Standard


Situation

RICOH is a world-leading corporation that needs to protect its information assets such as plans, strategies, and related technologies, as well as the information of its clients and business partners. This is why they decided to implement a global certification project for all of the company's branches throughout the world using the ISO 27001 standard for implementing an information security management system.
This success case covers the results obtained in the Latin America region.

Solution

This huge project began with a pilot project for RICOH's Distribution Center for South America (RSADC) located in the Zona América technology park in Montevideo, Uruguay.
After a very demanding selection process, DATASEC was selected to provide consulting to implement and certify an information security management system based on the ISO 27001 standard.
Together with the supervising RICOH techs from New Jersey, USA, DATASEC developed and adapted an organic and documented Information Security Management System with the valuable support of the RSADC team led by Mr. José Canosa.
The developed system (save for a few minor details) was deemed compliant by an internal audit performed by a third party and was later awarded the ISO 27001 certification in late 2006, after successfully completing a demanding audit performed by the corresponding certifying body: the very same BRITISH STANDARDS INSTITUTE.
Pleased with the results, the RICOH manager for the region, Mr. Daniel Gil, decided to entrust DATASEC with the implementation of a similar system for all eleven Latin American branches and later on for the regional headquarters in Miami, USA, which is in charge of all the Latin America branches, using the IT support of DATASEC's software tool MEYCOR KNOWLEDGE PROVIDER (KP).

Benefits

The implementation of a management system that addresses information security based on the ISO 27001/ISO 17799 standards and the Deming Cycle enables the organization to protect critical information and to improve key business perspectives.
Based on the results of the risk analysis performed, the organization can now manage risks using a cost-benefit approach to evaluate the controls used to mitigate risks related to information integrity, availability, and confidentiality.

Conclusion

In line with the structural needs of a multinational corporation that successfully competes in the information and knowledge age, RICOH was able through this project to protect its most valuable asset: information.
In addition to this, other strategic objectives were addressed:

Adapting the internal processes to the threats posed by a competitive environment.
Creating and developing human resources.
Implementing information security management systems for all the Latin American offices that will be continuously developed and improved upon with the support of the Meycor KP software tool.

Summary:

Countries: Uruguay, Argentina, Brazil, Chile, Mexico, Costa Rica, Colombia, Dominican Republic, Puerto Rico, El Salvador, Guatemala, Panama, USA.

Contact: Mr. José Canosa

Industry: Electronics

Customer Profile: Powerful Japanese multinational company, a leader in office automation, particularly in the industry of multi-functional photocopiers, printers, scanners, fax machines and several other electronic devices.

Situation: The company needed to carry out a global certification project in Latin America for the ISO 27001 standard regarding the implementation of an Information Security Management System to help protect the company's intellectual property assets.

Benefits: Improved the practices regarding the integrity, availability and confidentiality of critical business, operative and research data used by the company in the Latin American region.