ISO 27001:2013 INFORMATION SECURITY MANAGEMENT SYSTEM

WHAT IS ISO 27001:2013 INFORMATION SECURITY MANAGEMENT SYSTEM?

ISO 27001 is the international standard that is recognized globally for managing risks to the security of information you hold.

Certification to ISO 27001 allows you to prove to your clients and other stakeholders that you are managing the security of your information. ISO 27001:2013 (the current version of ISO 27001) provides a set of standardized requirements for an Information Security Management System (ISMS). The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.

BENEFITS OF ISO 27001:2013

Protecting your organization’s information is critical for the successful management and smooth operation of your organization. Achieving ISO 27001 will aid your organization in managing and protecting your valuable data and information assets.
By achieving certification to ISO 27001 your organization will be able to reap numerous and consistent benefits including:

  • Keeps confidential information secure
  • Provides customers and stakeholders with confidence in how you manage risk
  • Allows for secure exchange of information
  • Helps you to comply with other regulations (e.g. SOX)
  • Provides you with a competitive advantage
  • Enhances customer satisfaction, which improves client retention
  • Provides consistency in the delivery of your service or product
  • Manages and minimizes risk exposure
  • Builds a culture of security
  • Protects the company, assets, shareholders and directors.

Key Requirements:

CTP-ISMS-01   Procedure for Management
CTP-ISMS-02   Procedure for Documented Information Control
CTP-ISMS-03   Procedure for Corrective Action
CTP-ISMS-04   Procedure for Control of Record
CTP-ISMS-05   Procedure for Information Security Management System
CTP-ISMS-06   Procedure for Control of Nonconformity and Improvement
CTP-ISMS-07   Procedure for Personnel and
CTP-ISMS-08   Procedure for Scope Documentation for Implementation
CTP-ISMS-09   Approach Procedure for ISMS
CTP-ISMS-10   Procedure for Risk Assessment
CTP-ISMS-11   Procedure for Organization Security
CTP-ISMS-12   Procedure for Assets Classification & Control
CTP-ISMS-13   Procedure for Human Resource Security
CTP-ISMS-14   Procedure for Physical and Environmental Security
CTP-ISMS-15   Procedure for Communication & Operational Management
CTP-ISMS-16   Procedure for Access Control
CTP-ISMS-17   Procedure for System Development and Maintenance
CTP-ISMS-18   Procedure for Business Continuity Management Planning
CTP-ISMS-19   Procedure for Legal Requirements
CTP-ISMS-20   Procedure for ISMS Change Management

CT-Policy-01  Acceptable Use Policy-Information Services
CT-Policy-02  Infrastructure Policy
CT-Policy-03  Policy for Access Card
CT-Policy-04  Backup Policy
CT-Policy-05  Clear Desk and Clear Screen Policy
CT-Policy-06  Physical Media & Disposal Sensitive Data
CT-Policy-07  Electronic Devices Policy
CT-Policy-08  Laptop Policy
CT-Policy-09  Password Policy
CT-Policy-10  Patch Management
CT-Policy-11  User Registration Access Management
CT-Policy-12  Policy for Working in Secured Areas
CT-Policy-13  Visitor Policy
CT-Policy-14  Work Station Policy
CT-Policy-15  Cryptographic Policy
CT-Policy-16  Internet acceptable user policy
CT-Policy-17  Personally identifiable information policy (PII)
CT-Policy-18  Data Protection Policy
CT-Policy-19  Cloud Security Policy
CT-Policy-20  Data Transfer Policy
CT-Policy-21  Cyber Security Policy
CT-Policy-22  Business Continuity Plan
CT-Policy-23  Software configuration management
CT-Policy-24  Information security incident management

FPC-01        Process Flow Chart
OC-01         Organizational Chart

FM-01         Asset Register and Evaluation
FM-02         Asset Identification and Classification
FM-03         New User Creation Form
FM-04         Media Disposal and Scrap record
FM-05         Security incident & investigation
FM-06         Capacity Planning
FM-07         Business Continuity Test Report
FM-08         ISMS Objectives Monitoring Sheet
FM-09         Visitor Entry Register
FM-10         Employee Leaving/Transfer/Termination Checklist
FM-11         Master List and Distribution List of Document
FM-12         Change Note
FM-13         Corrective Action Report
FM-14         Master List of Records
FM-15         Objective Plan
FM-16         Audit Plan / Program
FM-17         ISMS Internal Audit Non-Conformity Report
FM-18         ISO/IEC 27001:2022 Audit Checklist Report
FM-19         Communication report
FM-20         Customer Complaint Report
FM-21         Customer Feedback Form
FM-22         Approved Supplier List
FM-23         Supplier registration form
FM-24         Training Calendar
FM-25         Employees Competence Report
FM-26         Induction Training Report
FM-27         Training Report
FM-28         Skills Matrix Sheet
FM-29         Breakdown History Card
FM-30         Preventive maintenance checklist

MDL-01        Master Document List