Information / Fees / Flow
Advantage of MASON's ISO27001 Acquisition Support
- Top level experience with clients in the information systems industry.
- An in-depth security knowledge and knowledge with the information systems industry allow MASON to build a management system that is customized to the customers’ actual business situation.
- Support for certification by security consultants and auditors from leading companies.
- MASON's consultants have an extensive experience in security consulting and auditing for the information systems and manufacturing industries.
- MASON provides consulting services that minimize the customers' man-hours.
- MASON's customers shared their concerns regarding the number of man-hours. MASON is committed to achieving 100% ISO27001 certification with a support structure that allows our clients to continue their current operations.
What is ISO27001 (ISMS)?
ISO/IEC 27001 is one of the leading international standards for information security management systems (ISMS).
ISMS Conformity Assessment System
ISMS
This is a system in which a third party evaluates and certifies that the established ISMS conforms to ISO 27001/JISQ 27001. Once conformity to the "ISMS Conformity Assessment System" is determined, ISMS certification is obtained. Customers are required to receive a maintenance audit annually and certificate renewal audit triennially by a third-party certification organization.
Standards used as criteria
The requirements for information security management systems are based on the international standard ISO/IEC 27001 or the Japanese Industrial Standard JIS Q 27001. There is no limitation on the type of industry or business category that can be certified and any organization can maintain. It is an organizational framework for firmly managing the three major requirements of information security: confidentiality, integrity, and availability of information.
It is important to balance the "confidentiality," "integrity," and "availability" of information assets when considering security measures, and is also referred to as the "three elements of information security”.
Benefits of Acquisition
1. Minimizing security risks
ISO 27001 allows for an inventory of information assets, thus clarifying the criticality of the confidential information assets to be covered. By taking measures to prevent security breaches for those highly confidential information assets, it is recommended to strengthen the company's security level. As a result, security risks are minimized.
2. To increase credibility and customer satisfaction
Incorporating the requirements of global standards and reflecting them in the company's security policies and these standards will help customers feel secure in sharing confidential information. Therefore, it can be said that acquiring ISO27001 certification will directly improve customer satisfaction.
3. Increasing employees' awareness of information and strengthening compliance
Since strict rules are set and training is conducted to prevent information leaks and other related risks, it can be expected that awareness of information security and clarification of tasks regarding the handling of information can be improved. Internal communication will be facilitated and it will be clarified who is doing what.
ISO27001 (ISMS) Document Structure
MASON will assess the current situation and create deliverables from top to bottom.
ISMS (ISO27001) Certification Flow
The minimum consultation period for ISO certification is 4 months.
| 1. Establishment of ISO System |
|
|---|---|
| 2. Review of ISO operation |
|
| 3. ISO27001 External Audit |
|
| 4. Acquisition of ISO27001 certification and issuance of certificate of registration. | |
| 5. Post-ISO27001 Audit |
|
MASON Service Plans
MASON offers three service plans to meet your needs and budget.
* If the customers would like an immediate acquisition, MASON can obtain certification in as short as 3 months (Some prerequisites may apply.)
1. Standard Plan
Document preparation service
Recommended if the customers want to minimize costs and reduce workload.
| Service Fee | period |
|---|---|
| 780,000 yen | 3 months (minimum) |
2. Full Outsource plan
One year of reliable support after ISO27001 certificate acquisition.
Recommended if the customers are anxious about maintenance audits after obtaining ISO certification and want to establish ISO operations in-house.
| Service Fee | period |
|---|---|
| 1,380,000 yen | Approx. 3 months (Obtaining certification) 12 months (Recurring Audit) |
Security Practices Enhancement Plan
MASON will not only obtain ISO27001 certification, but also plan, execute, and monitor the information security measures necessary for the customers’ business. In addition, vulnerability assessments and penetration tests can be conducted upon request during the planning phase.
Comparison of ISO27001 Acquisition Services
| MASON | Competitors | |
|---|---|---|
| Acquisition Guarantee |
100% certification guaranteed
|
Guarantee with conditions
|
| Number of visits |
Unlimited
|
Limited number of visits
|
| Visiting Hours |
Visits available after 6:00 p.m. on weekdays, weekends, holidays, etc.
|
Weekday business hours only
|
| Documentation Policy |
Conduct interviews to understand the company's current status, etc., and create various documents based on the information gathered.
|
Adapt the standard model and the rules.
Difficulty in developing a Quality management system that meets the customers' needs.
|
| Documentation |
MASON prepares all major documents, minimizing the burden on the customers.
|
Customers revise and rename the sample documents from other companies.
|
| ISO Auditors |
Active ISO 27001 auditors on staff
Extensive experience in ISO 27001 audit attendance
|
Consulting firms with only external auditor qualification in external audits.
|
| Consultants |
All consultants are SME diagnosticians and from major consulting firms.
Schedule and deliverable images are very clear at the time of the proposal.
|
Retired consultants from Quality Control departments become contractors.
Specific deliverables cannot be clarified before the consultation.
|
| Post-acquisition support |
Acting as ISO secretariat for annual audits.
One year of post-acquisition ISO operation and training for employees.
|
Many consulting services are only for acquisition.
After acquisition, the follow-up services are visitations and consultations only.
|
ISMS (ISO27001) Operation Improvement Consulting
The most important aspect of ISO 27001 is its operation after acquisition. The rules established at the time of acquisition must be properly adapted to the company's condition and the global standard. This situation leads to multiple concerns such as uncertainty about operational decisions or lack of knowledge on which rules should be reformed.
Therefore, MASON has prepared "ISO Operation Improvement Consulting" as an operation improvement plan. This ISO operation improvement consulting service which utilizes our knowledge and experience can provide three benefits to the customers.
Effectiveness of ISO Operation Improvement Consulting
- Reduced internal costs
- Integration reduces in-house man-hours required for maintenance. In one case, we achieved a man-hour reduction of nearly 30%.
- Significantly reduced number of pages in manuals
- In one case, a manual totaling nearly 100 pages was reduced by nearly 70%.
- Establishment of a management system in line with the current situation
- Establishment of an integrated management system that can be operated according to the current level of your company. We realize a system that enables continuous business improvement.
Full support system for ISO operation improvement consulting.
- Unlimited consultation on operational concerns via e-mail and telephone.
- Customers can consult MASON with any questions or concerns related to the operation of ISO by e-mail without limitation.
- Outsourcing of the ISO secretariat eliminates the risk of overlooking tasks through reduced volume of workload.
- When the monthly task to be implemented, as determined by an internal document, comes around, the customers will receive an email confirming the implementation of the task. This eliminates the risk of overlooking the monthly ISO activities.
- Can be applied for items pointed out during inspections.
- The customers no longer have to worry about points raised during audits. MASON's consultants are always available for consultation so they can respond even at short notice.
- Customers can select the kind of support needed.
- MASON provide on-site support for employee training and internal audits that must be conducted in the course of ISO operations.
* Visiting support course
MASON provides services tailored to the customers' needs. Please contact us.
- Inquiries and consultation by phone: +81-3-6425-6735 Business hours 9:00 am - 6:00 pm
- Click here for inquiries, consultation, and estimate request by e-mail.
MASON offers a variety of services!
ISO27017 (Cloud Security) Double Certification Service
While obtaining ISMS/ISO27001 certification, MASON will simultaneously obtain ISO27017 which is the information security standard for the use and provision of cloud services.
ISO27701 (Privacy Information) Double Certification Service
We will simultaneously acquire ISO27017 certification, a highly GDPR-compliant standard for the use and provision of privacy information, in addition to ISMS/ISO27001 certification. Unlike the P Mark, the scope of certification can be limited.
