  • Did you know that more than 50% of organizations follow an ad-hoc change management process?
  • Did you know that more than 69% of organizations don't have rollback plans for the changes they make before deployment?
  • Did you know that more than 73% of organizations don't have a Business Continuity / Disaster Recovery Plan?
  • Did you know that 40% of organizations have not identified the laws, regulations and compliance requirements applicable to their organization?
  • Did you know that only 15% of organizations perform a root cause analysis after the occurrence of an incident?
  • Did you know that 65% of organizations don't perform restoration tests of backup data?

ISO 27001 Implementation

Information is a precious asset that helps an organization run its business successfully. When it is properly managed, you can operate the business with full integrity and confidence, and information management lets you grow and innovate in your business operations.

Our ISO 27001 implementation package helps you select the products and services that match the needs of your business, and we lend you a helping hand in cutting the cost of unnecessary products or services. Our IT security professionals help you design the ISO/IEC 27001 project plan. By putting this information security standard into practice, we ensure that security becomes a priority. Using this standard, you can secure key business information such as intellectual property, financial information and employee details. It applies a risk management process across people, processes and IT systems.

A five-phase execution, as illustrated below, will be followed to provide consultancy for establishing ISMS and achieving the desired ISO 27001:2013 certification.

Phase 1

  1. Meet the client project manager/coordinator, discuss and mutually agree on the proposed project plan
  2. Understand the organization, its departments, and the processes within each department through interviews and discussion with a cross section of the staff
  3. Identify the Information Security Forum & ISMS Implementation team
  4. Provide the necessary templates and assist the implementation team in obtaining the mandatory information required by the standard
  5. Define impact criteria
  6. Identify external & internal issues relevant to the establishment of the ISMS in the organization
  7. Identify legal requirements that warrant information security to be established in the organization
  8. Review the existing physical security in the organization through a site survey
  9. Study the current security policies and practices of the organization. These will include:
     -- Personnel and physical security practices
     -- Logical security practices, network and operational practices
     -- System development security practices
     -- Business continuity practices
     -- Legal requirements

Phase 2

  1. Discussion with the implementation team for identification of process and risk owners
  2. Perform risk assessment
  3. Formulate risk treatment plan
  4. Develop the Information Security Management System (ISMS) consisting of:
     -- High level Information Security Policy and Objectives
     -- Detailed domain specific Information Security Policies and Procedures
     -- Roles and Responsibilities
  5. Review, discuss and assist the implementation team in obtaining management approval of the policies
  6. Discuss the procedures with the implementation team for rollout
  7. Facilitate the first management review meeting of the information security forum for identified risks and mitigations
  8. Prepare a Statement of Applicability defining the applicable controls to be implemented

Phase 3

  1. Prepare an implementation plan for implementing the ISMS controls
  2. Define the security metrics that need to be measured
  3. Conduct security awareness training for:
     -- Management forum
     -- Implementation team (train the trainer session)
  4. Provide remote support, if required, for the implementation of security controls
  5. Ensure the adequacy of the ISMS from a certification point of view

Phase 4

  1. Conduct an internal audit of the ISMS implementation
  2. Report non-compliances to the Information Security Officer (ISO) or appropriate authority
  3. Assist in the preparation of a Corrective Action Plan
  4. Determine readiness to face the external audit (certification audit)

Phase 5

  1. Assist the client during the external audit to provide any clarifications required by the external auditor during the documentation review and field survey
  2. Prepare the corrective action plan, if required, to close the non-conformities reported by the auditor