The Information Security Management System (ISMS – specification with guidance for use) enables the implementation of an efficient management system that is also oriented on the protection of information assets. The Information Security Management System is implemented so that the organization is able to assess risks and apply proper control and management mechanisms to maintain the confidentiality, integrity and availability of information. The primary goal is to protect the information assets of the organization to prevent information from getting to unauthorized persons or from being lost.
Today’s modern business is dependent on information technologies and systems. Besides business support, this also means that organizations are more vulnerable by the threat to their security. Information is an asset that like other important business assets has its value for the organization and must be protected in a suitable way. By identifying and classifying assets and evaluating their danger and vulnerability, every organization can select methods for the management of such risks to maintain the confidentiality, integrity and availability of information. This concerns the information of the respective involved parties such as in-house information, the information of clients, customers, suppliers, as well as shareholders, official authorities ,etc.
Certification in accordance with the ČSN ISO/IEC 27001 (based on an international standard focused on ISMS) is applicable in any organization, namely in all areas of production or provided services. The ČSN ISO/IEC 27001 standard is a standard with consistent process orientation and application of Deming’s “PDCA” principle. ISMS certification is objective evidence through which the owners and management of a certified organization confirm to their owners, employees, customers and other involved parties that they not only assume responsibility for information security, but also declare fulfillment of their commitment that applied principles in behavior and approach to information security are an integral part of business.
Today, certification in accordance with the ČSN ISO/IEC 27001 is essential in many fields of business. Certificates are required in business relationships and increase the trustworthiness of the organization. Fulfillment of the requirements of the ČSN ISO/IEC 27001 standard is also the basis for other management system certifications or for certain branch/professional certifications.
Information security and the ISO/IEC 27001 standard do not just apply to information technologies. Just as in quality management systems, environmental management systems or occupational health and safety systems, the information security management system includes management, policy, organization, as well as regular reviews. Demanding parts of the ISMS system include, for example, an analysis of the value of owned assets in the IT area, risk analysis in relation to information, information risk management, declaration of information security and other procedures.
- For ensuring and improving the occupational health and safety system adopted at all levels and by all positions in the organization, especially top management.
- Proving systematic reduction of risks or dangers that endanger the safety and health of all persons affected by the organization’s activities, products or services.
- Demonstrating your approach to OHS, even in communication with customers, investors, the general public, state and private institutions and other concerned parties
- Realizing your own responsibility for OHS
- Improving business trustworthiness for investors, banks and insurance companies
- Savings on fines and other sanctions related to incidents in the field of OHS
- Profile / Image / Corporate culture
- Employee motivation
- Timely recognition of OHS-related problems
- Competitive advantages
- Reduction of the incidence of occupational diseases and work injuries
- Increasing performance and subsequent reduction of the accident rate and downtime
- Minimization of costs related to workplace accidents
- Showing a commitment to fulfilling legislative and regulatory requirements concerning occupational health and safety
- Developed self-controlling system responding flexibly to changes of legal and other requirements, regulations and safety requirements, as well as changes within the organization (e.g. new technologies, organizational changes, etc.)
Basic standards for the environmental management system are divided into:
ČSN OHSAS 18001 – Occupational health and safety management systems – Requirements
OHSAS 18001 – Occupational health and safety management systems – Specifications
OHSAS 18001 specifies requirements for the occupational health and safety management system that organizations can use for internal application, certification or for contractual purposes.
OHSAS 18002 – Directive for the introduction of OHSAS 18001
Standard OHSAS 18002 gives a guideline for implementation of OHSAS 18001.