13 August 2010
© The British Standards Institution 2010
ISO 27001 certification: a growth driver and the success story of an Italian SME
LUIGI BRUSAMOLINO, CISM, CRISC – Managing Director Southern EMEA, BSI
NICOLA MASSERONI – Head of GRC, FabbricaDigitale
Who is BSI? 10 Fast Facts
• Global independent business services organization
• Founded in 1901
• No owners/shareholders: all profit reinvested into the business
• National Standards Body in the UK
• £222.8m revenue in 2009
• >2,500 staff, >50% non-UK
• 52 offices located around the world
• 80,000 clients in 147 countries
• #1 certification body in the UK and USA
• Standards, assessment, testing, certification, training, software
What we do
• Set innovative standards that are used throughout the globe
• Provide all the information and training relating to standardization that businesses need to succeed in their competitive markets
• Businesses rely on us to keep improving the way they run with good management processes and enterprise solutions
• Independently test and verify products and services to ensure that they are up to the job in terms of performance specification and safety
“Every day, worldwide, people use and rely on goods and services that have been designed, certified, tested or verified relying on BSI.”
Operations in 147 Countries
Global Presence
Worldwide Offices (52 offices worldwide): London, Singapore, Washington, Beijing, New Delhi, Mexico City, Sao Paulo, Sydney
Italy: Monza, Padova, Roma (2012)
OUR SERVICES
Our portfolio of services
• Assessment and Certification
• Training
• Governance, Risk and Compliance
• Testing services
• Healthcare Services
BSI Assessment and Certification – A Global Market Leader
• Leading global certification body with over 69,000 certified locations and clients in over 140 countries
• A leader in the training, assessment and certification of:
Information Security – ISO/IEC 27001
IT Service Management – ISO/IEC 20000
Business Continuity – BS 25999
Quality – ISO 9001
Environmental Management – ISO 14001
Aerospace – AS9100
Health & Safety – OHSAS 18001
Energy Management – BS EN 16001/ISO50001
BSI Assessment and Certification – What we do:
• Information and guidance
• Assessment and Gap-analysis
• Second and third-party auditing and verification
• Certification
• Continual assessment and strategic reviews
• Business improvement tools, performance benchmarking and software solutions
BSI methodology
BSI Training
• We offer various types of training including:
Awareness Training
Implementation Training
Auditor Training
• Our delivery options:
Public training courses
In-house training course
e-learning courses
Customer journey: Awareness Training → Implementation Training → Auditor Training
AIEA – BSI agreement 2011
BSI Governance, Risk & Compliance (GRC)
Entropy™ Software
• A turn-key solution that provides the management system framework for fully functional integrated and auditable management systems including:
Environmental Management – ISO 14001
Health & Safety Management – OHSAS 18001
Quality Management – ISO 9001
Information Security Management – ISO/IEC 27001
Supplier Compliance Management (C-TPAT & AEO)
and other management systems standards
What is Entropy® Software?
Entropy® Software is a web-delivered solution which builds a fully functional and auditable environment that can integrate effective management with governance, risk and compliance.
BSI Testing Services – Products
CE MARKING
• CE marking is required to sell or transport many products in Europe
• BSI is a Notified Body for 15 EU Directives
• Not a quality mark but a legal requirement for many products in Europe
KITEMARK® CERTIFICATION
• c. 400 Kitemark schemes in the fire, construction, electrical, personal safety, transport and services sectors, including the new Energy Reduction Verification
• c. 2,500 Kitemark licence holders
PRODUCT TESTING
• Manufacturers sometimes just want to test their product at the R&D stage, and BSI can test to a manufacturer's specification as well as to British, European and International Standards
• Direct Testing results in a highly valued BSI Test Report, not a certification licence
ISO 27001 facts and future trends
[Chart: World Market and BSI share ISO 27001 (2009 ISO Survey). Bars show the total ISO 27001 market and BSI certificates per year, 2004–2009, on a 0–12,000 scale.]
CAGR market: 31%
Last year growth market: 40%
BSI current share: 59%
Other 27000 standards in development
• ISO/IEC 27007 - Guidelines for information security management systems auditing (2011)
• ISO/IEC 27008 - Guidance for auditors on information security management systems controls (2011)
• ISO/IEC 27010 - Information security management for inter-sector and inter-organizational communications (2012)
• ISO/IEC 27013 - Guidance on the integrated implementation of 20000-1 and 27001 (2012/2013)
• ISO/IEC 27014 - Information security governance (ISG) framework (2012/2013)
• ISO/IEC 27015 - Information security management guidelines for financial and insurance services (2012/2013)
• ISO/IEC 27032 - Guidelines for cyber-security (2012/2013)
• ISO/IEC 27033 - Information technology - IT network security (6 parts) (5 parts to follow, 2010-2012)
• ISO/IEC 27034 - Guidelines for application security (2012/2013)
• ISO/IEC 27035 - Information security incident management (2012/2013)
• ISO/IEC 27036 - Guidelines for security of outsourcing (2012/2013)
• ISO/IEC 27037 - Guidelines for identification, collection/acquisition and preservation of digital evidence (2012/2013)
• ISO/IEC 27038 - Specification for digital redaction (2013)
Future trends in Information Risk / Governance?
• Government move towards ‘shared services’
• Cloud computing (SaaS)
• Greater outsourcing / off-shoring
• Increased use of mobile working
• “Consumerisation”
• Growth in use of social media
• Proliferation of unstructured content (driving the need for e-discovery)
• Heightened regulatory oversight (new privacy / data protection directives)
• Societal response to the ‘surveillance state’ (biometrics)
Future areas for standardisation
• Cloud Computing (new ISO/IEC Study Group)
ongoing review of current concepts, characteristics, definitions, types and components used in Cloud Computing
comparison of Cloud Computing to related technologies
mapping of existing consortia activity
Report (expected to identify new pieces of work for standardization) due in September 2011
BSI/RSM Survey 2011