ISMS / ISO27001

Be certified for the ISMS within the planned time and budget, and establish a solid base for managing personal data compliance

About - ISMS / ISO27001

Scope of Services
This project aims to achieve its business objectives through the following activities:
  1. Review the existing security policy and objectives, set a new security policy and objectives, and enhance security in call centre activities
  2. Provide an awareness workshop on the ISMS requirements for the ISMS implementation committee, heads of department (HODs) and managers
  3. Provide a risk assessment workshop based on ISO 31000 for the department representatives, covering the ISO 27001 scoped risk assessment
  4. Assist the ISMS representatives in assessing the risks as per ISMS and PCI DSS requirements
  5. Assist the ISMS committee and representatives in understanding the new control objectives and controls
  6. Fully write the documentation that defines and documents the risk analysis methodology and procedures, and amend the necessary documents to comply with the requirements of the standard
  7. Provide the necessary Business Impact Analysis (BIA), risk assessment tool and Risk Treatment Plan (RTP) templates, and assist in completing the forms based on business processes
  8. Provide all necessary documents, templates and forms to ensure compliance with ISO 27001 and PCI DSS
  9. Carry out the required internal audit workshop and conduct a live internal audit against the new version of the standard together with the internal auditors
  10. Conduct the necessary penetration tests and vulnerability assessments for the IT systems and applications
  11. Conduct quarterly Approved Scanning Vendor (ASV) scans and provide Qualified Security Assessor (QSA) audit services for compliance with PCI DSS requirements
Documentation deliverables:
  1. Security Manual
  2. Risk Register
  3. Risk Assessment Procedure
  4. Statement of Applicability (SoA)
  5. Business Impact Analysis, Business Continuity Plan and Disaster Recovery Plan for IT
  6. Competency Training & Analysis Procedure
  7. Incident Management
  8. Required SOPs
  9. Legal & Statutory Requirements Register
Objectives
The project aims to complete the scope described above within 5 months from the start of the project.
Outcome
The project aims to achieve the following:
  • Improve workforce security practices
  • Be fully compliant with ISO 27001
  • Assurance of security in services and products through ISO compliance
  • Be certified for the ISMS within the planned time and budget, and establish a solid base for managing personal data compliance
Implementation Activities:
  Item No   Key Activities                                                   Deliverables
  1         Buy-in                                                           1.  Presentation: basic introduction to ISMS for top management
  2         Gap analysis, BIA and risk analysis                              2.  Gap Analysis Report
                                                                             3.  Project Plan
                                                                             4.  Final Asset Register
                                                                             5.  Final Risk Register
  3         Verification and documentation check                             6.  Information Security Policy draft
                                                                             7.  Information Security Policy
                                                                             8.  ISMS Policy Manual
                                                                             9.  Process documents
                                                                             10. Statement of Applicability (SoA) document
  4         Implementation, monitoring and vulnerability assessment /        11. ISM Incident Management Process
            system hardening (ASV scanning exercise for PCI DSS)             12. BIA, BCP and DR document
                                                                             13. ISM Corrective and Preventive Action (CAPA) Process
                                                                             14. ISM Controls Monitoring Process
                                                                             15. ISM Internal Audit Process
                                                                             16. Risk Treatment Plan (RTP) document
                                                                             17. Penetration test and vulnerability assessment report
            Integration with existing standards; BCP and DR drill            18. Security Manual
                                                                             19. Drill Report
            Internal ISMS audit and management review                        20. Internal audit findings presentation and report
  5         Final preparation                                                21. Corrective and preventive actions
            Stage 1 and Stage 2 audit by the certification body              22. ISO 27001 certificate
                                                                             23. PCI DSS compliance certificate