Information Security Management System for Lankem Ceylon PLC

Abstract

ABSTRACT Lankem Ceylon PLC is a well-established public listed company in Sri Lanka involved in manufacturing and distribution of Agro chemicals, Paints, Industrial chemicals, Bitumen and consumer products. Lankem was created by Royal Dutch Shell in 1964. It was initially set up as an agro chemical business. As Sri Lanka started encouraging local ownership, the company acquired local investors and was listed on the Colombo Stock Exchange. Lankem Ceylon IT Department adopted ISO/IEC 27001:2013 Information Security Management standard in October 2016. Since the certification is audited and reviewed by Bureau Veritas, UK on regular intervals. Information Security Team should maintain various documents (Polices, Procedures), logs (Backup logs, Disaster recovery drill, Fire Evacuation drill, Server Monitoring logs, Server room access log, and etc.), Information Security Incident reporting and etc. Currently all the information’s are maintained in Hard Printed copies and MS Excel. With the developed web-based Information Security Management System, All the information related to ISO/IEC 27001 will be maintained electronically and organized in a way to enable easy access to Information Security information for Internal IT Auditors, External IT Auditors, Bureau Veritas ISO27001 Auditors, Information Security Team, Information Security Steering Committee and Users. Developed system achieved the client’s expectation of automating certain process of Information Security Management such as Incident management operations can be managed, Information Asset’s can be managed in the system, Security Logs can be managed, and ISO 27001 related documents can be managed electronically. System was developed entirely on open-source platform so its aligned with the information technology strategy of the Client. Benefit of the developed system are Paperless Information security management and Open-Source system with potential of adding new functionality to the system.