ISMS / ISO27001
Be certified within planned time and budget for ISMS and establishing a solid base for managing personal data compliance
- Scope of Services: This project aims to achieve the following business objectives through these activities:
Review the old policy and objectives, set a new Security Policy and Objectives, and enhance security in call centre activities
Provide an awareness workshop on the ISMS requirements for the ISMS Implementation Committee, HODs and managers
Provide an ISO 31000-based risk assessment workshop for the Department Representatives for the ISO 27001 scoped risk assessment
Assist the ISMS representatives to assess the risks as per ISMS & PCI requirements
Assist the ISMS committee and representatives to understand the new control objectives and controls
Fully write the documentation to define and document the risk analysis methodology and procedures, and amend the necessary documents to comply with the requirements of the standard
Provide the necessary BIA, risk assessment tool and RTP templates, and assist in completing the forms based on business processes
Provide all necessary documents, templates and forms to ensure compliance with ISO 27001 and PCI DSS
Carry out the required internal audit workshop and conduct a live internal audit for the new version with the internal auditors
Conduct the necessary penetration tests and vulnerability assessments for the IT systems and applications
Conduct Approved Scanning Vendor (ASV) scans on a quarterly basis and provide QSA auditing services for complying with PCI DSS requirements.
- Please contact us directly for more details.
Implementation Activities
Key Activities: Buy-In
Deliverables:
Presentation: Basic introduction to ISMS for Top Management
Key Activities: Gap Analysis, BIA and Risk Analysis
Deliverables:
Gap Analysis Report
Project Plan
Final Asset Register
Final Risk Register
Key Activities: Verification & Documentation Check
Deliverables:
Information Security Policy Draft
Information Security Policy
ISMS Policy Manual
Process Documents
Statement of Applicability Document (SOA)
Key Activities: Implementation, Monitoring and Vulnerability Assessment / System Hardening (ASV exercise for PCI DSS)
Deliverables:
ISM Incident Management Process
BIA, BCP, DR Document
ISM CAPA Process
ISM Controls Monitoring Process
RTP Document
Pen Test & VA report
Key Activities: Integration with existing standards, BCP and DR Drill
Deliverables:
Security Manual
Drill Report
Key Activities: Internal ISMS Audit and Management Review
Deliverables:
Internal Audit Findings Presentation & Report
Key Activities: Final Preparation
Deliverables:
Corrective & Preventive Action
Key Activities: Stage 1 & Stage 2 Audit by Certification Body
Deliverables:
ISO 27001 Certificate
PCI DSS Compliance Certificate
What are the course objectives?
- Output
Security Manual
Risk Register
Risk Assessment Procedure
Statement Of Applicability
Business Impact Analysis & Business Continuity Plan and Disaster Recovery Plan for IT
Competency Training & Analysis Procedure
Incident Management
Required SOPs
Legal & Statutory Requirements Register
- Objectives
The project aims to complete the mentioned scope within 5 months from the start of the project.
- Outcome
The project aims to obtain the following:
Improve workforce security practices
Be fully compliant with ISO 27001
Assurance of security in services and products through ISO compliance
Be certified within planned time and budget for ISMS and establishing a solid base for managing personal data compliance
We offer the following options:
- Cash
- HRDF Claimable
- Maybank Ezpay (Up to 24 months @ 0% Interest)
- CIMB Easy Pay (Up to 12 months @ 0% Interest)
- Cash Installment (Case by case basis)