ISAlliance Model Terms with ANSI/ISO 27001

Information Security Management Systems Package

  1. Volume II, Model Terms for Certified Information Security Management Services
  2. INCITS/IEC/ISO 27001:2005 Information Technology - Security techniques - Information security management systems - Requirements

The ISAlliance Model Terms for Certified ISMS is part of the Model Contracts Project.

The Problem:
ISO 27001 has already been mandated as a National Standard in Japan; over 1100 firms have already been certified! The same effort is underway in India, and the United States is facing pending legislation (Sept. 11 Legislation, S.4) that may create a similar requirement. Such domestic and international requirements force corporations to comply with the prevailing global standards, in this case ISO 27001, to stay competitive.

For many thousands of companies, across tens of thousands of relationships, producing an agreement that properly addresses information security requirements is difficult, expensive, technically overwhelming and often ineffective at doing the job required.

“One of the core problems with creating a global system of Internet security is that domestic efforts are inherently limited. We can transcend political boundaries and use the market to motivate improved security by relying on standards that have international agreement and domestic acceptance.”

~Bob Feghali, Vice President & Chief Information Officer, ANSI.

Not ISO 27001 certified? Not to worry: the ISAlliance guide is just as useful for developing commercial agreements while you are in the process of becoming certified or if you are looking to improve your overall market status!

Who can benefit?

  1. Service providers, vendors, operators - 27001 certified or not
  2. Joint venture participants, customers
  3. Regulatory authorities

The Solution:
This package enables business executives, and their lawyers, to be more effective in addressing information security in commercial agreements with business partners, suppliers and customers.

The ISAlliance contribution is a uniform contracting structure designed around the prevailing global standard for managing information security: ISO/IEC 27001, the ANSI-adopted version of which is sold in this package.

“Contracting for Information Security in Commercial Transactions, Volume II follows along with the true spirit of why the international standards and the companies that use them are so successful… Consistency of Process. It is well written and in a format that (unlike many “how to” books) is user friendly. I found it to be more of a true guidance document that can be used no matter where you are in the supply-chain and therefore supports using a standard methodology that can be scaled to fit any type of organization.”

~John A. DiMaria; Product Manager, Business Continuity, BSI Management Systems Americas

The ISO/IEC 27001 standard provides an integrated framework in which individual information security controls can be coherently managed as part of a systematic approach to security that aligns business objectives more closely to overall business objectives.

About ANSI:

The American National Standards Institute is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. The Institute is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC).

Contact Stacy Leistner, ANSI 212.642.4931

About ISAlliance:

Contact Barry Foer, ISAlliance 703.907.7799