In order to become certified, Ava Security has built a comprehensive Information Security Management System (ISMS), an overarching method of managing data, and best protection practices.
This requires organizations to implement controls to manage and monitor security services in a number of areas:
- Information Security Policies
- Organization of Information Security
- Human Resource Security
- Asset Management
- Access Control
- Cryptographic Control
- Physical and Environmental Security
- Operations Management
- Communications Security
- Security acquisition, development, and maintenance
- Supplier relationships
- Information Security Incident Management
- Information security aspects of business continuity management
We started building our ISMS two years ago and it was a comprehensive project involving many people from cross-functional teams across the company.