GETTING STARTED INFORMATION SECURITY COMPLIANCE
If you handle information on behalf of other organisations (your customers) then you may be asked to produce a risk management compliance statement.
Typical service providers that handle information on behalf of other organisations:
- outsourced information systems providers
- accountants
- financial advisers
- business process outsourcers
- advisers
- auditors
The most universal standard for information systems risk management is ISO/IEC 27001. There are also the SSAE16/ISAE3402 (formerly SAS70) standards.
As your system is based on ibCom mydigitalstructure, you can use the ibCom Statement of Applicability (SOA) to ISO/IEC 27001 as the basis for your own SOA - similar to how ibCom uses the Amazon Web Services SOA.
Each statement is layered on top of the next to build the trust for the customer.