ISO 27001 Implementation and Process Definition Consulting

The following documents will be provided by the ISO 27001 Consultant based on the ISO 27001 model requirement.

• Procedure for Document and Record Control– procedure prescribing basic rules for writing, approving, distributing and updating documents and records.
• Procedure for Identification of Requirements – procedure for identification of statutory, regulatory, contractual and other obligations
• Scope of the Information Security Management System – a document precisely defining assets, locations, technology, etc. thatare part of the scope.
• Information Security Policy– this is a key document used by management to control information security management.
• Risk Assessment and Risk Treatment Methodology– describes the methodology for managing information risks.
• ISO 27001 Risk Assessment Table– the table is the result of assessment of asset values, threats and vulnerabilities.
• Risk Treatment Table– a table in which appropriate security controls are selected for each unacceptable risk.
• ISO 27001 Risk Assessment and Risk Treatment Report – a document containing all key documents made in the process of risk assessment and risk treatment.
• ISO 27001 Statement of Applicability– a document that determines the objectives and applicability of each control according to Annex A of the ISO 27001 standard.
• Procedure for Internal Audit– defines how auditors are selected, how audit programs are written, how audits are conducted and how audit results are reported.
• Procedure for Corrective Action – describes the process of implementation for corrective and preventive actions.
• Form for Management Review Minutes– a form used to create minutes from the management meeting held to review ISMS adequacy.
• ISO 27001 Risk Treatment Plan– an implementation document specifying controls to be implemented, who is responsible for implementation, deadlines and resources.

During ISO 27001 Implementation or ISMS and BC systems, the following policies will be provided.

• Business Continuity Management Policy– sets a basic framework for the BCMS, determines the scope and responsibilities.
• Business Impact Analysis (BIA) questionnaires– analysis of qualitative and quantitative impacts on business, of necessary resources, etc.
• Business Continuity Strategy– defines critical activities, inter dependencies, recovery time objectives, strategy for managing and ensuring business continuity, strategy for recovering resources, strategy for individual critical activities.
• Business Continuity Plan– a detailed description of how to respond to disasters or other business disruptions, and how to recover all critical activities.
• Training and Awareness Plan– a detailed overview of how employees will be trained to execute planned tasks, and how they will be made aware of the importance of business continuity.
• Business Continuity Exercising and Testing Plan– describes how plans will be exercised and tested with the objective of identifying necessary corrective actions and improving the plan.
• BCMS Maintenance and Review Plan– a detailed overview of how plans and other BCMS documents should be maintained to ensure their functioning in the case of business disruption.
• Post-incident Review Form– a form used for reviewing effectiveness of plans after an incident.