ISMS / ISO27001

Be certified within planned time and budget for ISMS and establishing a solid base for managing personal data compliance

  • Scope of Services: this project aims to achieve its business objectives through the following activities:

    Review the existing policy and objectives, set new Security Policy & Objectives, and enhance security in call centre activities

    Provide an awareness workshop on the requirements for the ISMS Implementation committee, HODs and managers

    Provide an ISO 31000-based Risk Assessment workshop for the Department Representatives covering the ISO 27001 scoped risk assessment

    Assist the ISMS representatives to assess the risks as per ISMS & PCI requirements

    Assist ISMS committee and representatives to understand the new control objectives and controls

    Fully write the documentation defining the risk analysis methodology and procedures, and amend the necessary documents to comply with the requirements of the standard

    Provide the necessary BIA, Risk Assessment tool and RTP templates, and assist in completing the forms based on business processes

    Provide all necessary documents, templates and forms to ensure compliance with ISO 27001 and PCI DSS

    Carry out the required Internal Audit workshop and conduct a live internal audit against the new version of the standard with the internal auditors

    Conduct the necessary penetration tests and vulnerability assessments for the IT systems and applications

    Conduct Approved Scanning Vendor (ASV) scans on a quarterly basis and provide QSA auditing services for compliance with PCI DSS requirements

  • Please contact us directly for more details.


Implementation Activities

  • Key Activities: Buy-In
    Presentation: Basic introduction to ISMS for Top Management

  • Key Activities: Gap Analysis, BIA and Risk Analysis
    Gap Analysis Report
    Project Plan
    Final Asset Register
    Final Risk Register

  • Key Activities: Verification & Documentation Check
    Information Security Policy Draft
    Information Security Policy
    ISMS Policy Manual
    Process Documents
    Statement of Applicability (SOA) Document

  • Key Activities: Implementation, Monitoring and Vulnerability / System Hardening (ASV exercise for PCI DSS)
    ISM Incident Management Process
    BIA, BCP, DR Document
    ISM CAPA Process
    ISM Controls Monitoring Process
    RTP Document
    Pen Test & VA Report

  • Key Activities: Integration with existing standards, BCP, DR Drill
    Security Manual
    Drill Report

  • Key Activities: Internal ISMS Audit and Management Review
    Internal Audit Findings Presentation & Report

  • Key Activities: Final Preparation
    Corrective & Preventive Action

  • Key Activities: Stage 1 & Stage 2 Audit by Certification Body
    ISO 27001 Certificate
    PCI DSS Compliance Certificate

What are the course objectives?

  • Output
    Security Manual
    Risk Register
    Risk Assessment Procedure
    Statement Of Applicability
    Business Impact Analysis & Business Continuity Plan and Disaster Recovery Plan for IT
    Competency Training & Analysis Procedure
    Incident Management
    Required SOPs
    Legal & Statutory Requirements register

  • Objectives
    The project aims to complete the mentioned scope within 5 months from the start of the project.

  • Outcome
    The project aims to achieve the following:
    Improved workforce security practices
    Full compliance with ISO 27001
    Assurance of security in services and products through ISO compliance
    Certification within planned time and budget for the ISMS, establishing a solid base for managing personal data compliance

We offer the following options:

  • Cash
  • HRDF Claimable
  • Maybank Ezpay (Up to 24 months @ 0% Interest)
  • CIMB Easy Pay (Up to 12 months @ 0% Interest)
  • Cash Instalment (case-by-case basis)

Futureproof Yourself With Us!