
So you have defined the scope of your ISMS and your ISMS policy, and you have carried out your risk assessment/treatment processes.  How do you produce the SOA (statement of applicability)? What about those controls that don't seem to be covered by the standard? Do you face a particularly challenging security conundrum?

Your response - ask Gamma to help you design your information security systems and to produce your SOA

The need for a special security design ought to have been discovered during the risk assessment / risk treatment stage of the ISMS design process.  Our understanding of why the current risks are unacceptable to you will guide our solution towards one that will reduce the risks to an acceptable level.  Particular conundrums that we have solved include: 

  • Connecting islands of classified processing over an unclassified LAN, without changing any of the unclassified legacy systems.
  • Making an 'Orange Book' B1 product print an unclassified file correctly labelled as unclassified during a classified session.
  • Ensuring that once a financial analyst has legitimately gained access to a client's price-sensitive information, he cannot gain access to a competing client's price-sensitive information.

Our SOAs link back to the policy statements and/or risk events that give rise to the need for the control (or, if the control is unnecessary, explain why it is unnecessary). Our SOAs also link forwards to the actual procedures that are used to implement the control. This implementation technique is highly effective in a web-based intranet environment. We often use colour-coding to indicate the status of the controls (e.g. under development).

Your next move

... simply contact David Brewer. Why not do it now!

             
             
             
 
Gamma is an ISO/IEC 27001:2005 and BS EN ISO 9001:2000 registered company, certified for the provision of information security consultancy. BSI certificate numbers IS 85916 and FS 30710.

Please send comments to webmaster@gammassl.co.uk or complete our Visitors' Book.

Gamma Secure Systems, Diamond House, Frimley Road, Camberley, Surrey, GU15 2PS, UK. Tel: +44 1276 702500 - Fax: +44 1276 692903

Copyright © Gamma Secure Systems Limited 1998-2003
 
 
Page last updated: 19 January, 2003