La certificazione ISO27001

Transcription

1 13 August 2010 La certificazione ISO27001 Driver di crescita e caso di successo di una PMI italiana LUIGI BRUSAMOLINO CISM, CRISC Managing Director Southern EMEA - BSI NICOLA MASSERONI Responsabile GRC - FabbricaDigitale The British Standards Institution 2010

2 2 Who is BSI? 10 Fast Facts Founded in 1901 Global independent business services organization No owners/ shareholders all profit reinvested into business Standards assessment, testing certification, training, software National Standards Body in the UK #1 certification body in the UK and USA >2,500 staff and >50% non-uk 52 offices located around the world 80,000 clients in 147 countries 222.8m revenue in 2009

3 3 What we do Set innovative standards that are used throughout the globe Provide all the information and training relating to standardization that businesses need to succeed in their competitive markets Businesses rely on us to keep improving the way they run with good management processes and enterprise solutions Independently test and verify products and services to ensure that they are up to the job in terms of performance specification and safety Everyday worldwide, people use and rely on goods and services that have been designed, certified, tested or verified relying on BSI.

4 4 Operations in 147 Countries

5 Global 52 Offices Presence Worldwide Monza, Padova London 5 Washington Beijing Worldwide Offices Roma (2012) Mexico City Sao Paulo New Delhi Singapore Sydney

6 6 OUR SERVICES

7 7 Our portfolio of services Assessment and Certification Training Governance, Risk and Compliance Testing services Healthcare Services

8 8 BSI Assessment and Certification A Global Market Leader Leading global certification body with over 69,000 certified locations and clients in over 140 countries A leader in the training, assessment and certification of: Information Security ISO/IEC IT Service Management ISO/IEC Business Continuity BS Quality ISO 9001 Environmental Management ISO Aerospace AS9100 Health & Safety OHSAS Energy Management BS EN 16001/ISO50001

9 9 BSI Assessment and Certification What we do: Information and guidance Assessment and Gapanalysis Second and third-party auditing and verification Certification Continual assessment and strategic reviews Business improvement tools, performance benchmarking and software solutions BSI methodology

10 Customer journey 10 BSI Training We offer various types of training including: Awareness Training Implementation Training Auditor Training Our delivery options: Public training courses In-house training course e-learning courses Awareness Training Implementatio n Training Auditor training Convenzione AIEA BSI 2011

11 BSI Governance, Risk & Compliance (GRC) 11 Entropy Software A turn-key solution that provides the management system framework for fully functional integrated and auditable management systems including: Environmental Management ISO Health & Safety Management OHSAS Quality Management ISO 9001 Information Security Management ISO/IEC Supplier Compliance Management (C-TPAT & AEO) and other management systems standards

12 12 What is Entropy Software? Entropy Software is a web-delivered solution which builds a fully functional and auditable environment that can integrate effective management with governance, risk and compliance.

13 BSI Testing Services Products 13 KITEMARK CERTIFICATION c 400 Kitemark schemes in fire, construction, electrical, personal safety transport and services sectors including new Energy Reduction Verification. c 2,500 Kitemark licence holders CE MARKING CE marking required to sell or transport many products in Europe BSI is a Notified Body for 15 EU Directives Not a quality mark but legal requirement for many products in Europe PRODUCT TESTING: Manufacturers sometimes just want to test their product in R&D stage and BSI can test to a manufacturers specification as well as British, European and International Standards Direct Testing results in a highly-valued BSI Test Report not a certification licence

14 14 ISO facts and future trends

15 World Market and BSI share ISO (2009 ISO Survey) Total Market BSI CAGR market: 31% Last year growth market: 40% BSI Current Share: 59% Page STRICTLY CONFIDENTIAL

16 Other standards standard in development in development ISO/IEC Guidelines for information security management systems auditing (2011) ISO/IEC Guidance for auditors on information security management systems controls (2011) ISO/IEC Information security management for inter-sector and inter-organizational comms (2012) ISO/IEC Guidance on the integrated implementation of and (2012/2013) ISO/IEC Information security governance (ISG) framework (2012/2013) ISO/IEC Information security management guidelines for financial and insurance services (2012/2013) ISO/IEC Guidelines for cyber-security (2012/2013) ISO/IEC Information technology - IT Network security (6 parts) (5 parts to follow ) ISO/IEC Guidelines for application security (2012/2013) 16 ISO/IEC Information security incident management (2012/2013) ISO/IEC Guidelines for security of outsourcing (2012/2013) ISO/IEC Guidelines identification, Collection/Acquisition and preservation of digital evidence (2012/2013) ISO/IEC Specification for Digital Redaction (2013)

17 Future trends in Information Risk / Governance? 17 Government move towards shared services Cloud computing (SaaS) Greater outsourcing / off-shoring Increased use of mobile working Consumerisation Growth in use of social media Proliferation of unstructured content (> need for e-discovery) Heightened regulatory oversight (new privacy / DP directives) Societal response to surveillance state (biometrics)

18 Future areas for standardisation 18 Cloud Computing (new ISO/IEC Study Group) ongoing review of current concepts, characteristics, definitions, types and components used in Cloud Computing comparison of Cloud Computing to related technologies mapping of existing consortia activity Report (expected to identify new pieces of work for standardization) due in September 2011

19 19 BSI/RSM Survey 2011

20 20