Welcome to INNOVATION
the training and consulting company.
ISO 27001: 2022
OPTION 1: TRAINING SERVICE
- Awareness/ interpretation training (2 man-days)
- Writing documents training (2 man-days)
- Internal auditor training (2 man-days)
OPTION 2 - TRAINING AND CONSULTING SERVICE (APPLICATION FOR THE 1ST TIME YOU HAVE SETUP ISO 27001 SYSTEM)
|
Sq. |
Items of ISO project |
In charge |
Progress with milestone (month/ week) |
Total Man-days |
|||||||||||||||||||||||
|
1st month |
2nd month |
3rd month |
4th month |
5th month |
6th month |
||||||||||||||||||||||
|
1 |
2 |
3 |
4 |
1 |
2 |
3 |
4 |
1 |
2 |
3 |
4 |
1 |
2 |
3 |
4 |
1 |
2 |
3 |
4 |
1 |
2 |
3 |
4 |
||||
|
1 |
Factory tour & general documents & records survey |
Consultant & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
2 |
ISO 27001 awareness & interpretation training |
Consultant & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2 |
|
|
3 |
Writing/ modification the procedures/ documents |
Consultant & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8 |
|
|
4 |
Issue documents |
ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- |
|
|
5 |
Training general requirements to ISO team |
Consultant & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
6 |
ISO 27001 internal auditor training |
Consultant & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2 |
|
|
7 |
Internal audit |
Consultant & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
5 |
|
|
8 |
Management review |
BOD & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- |
|
|
9 |
Corrective action after internal audit |
Consultant & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
10 |
Pre-audit by consultant |
Consultant & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
11 |
Certificating audit - 1st stage audit (*) |
ISO team & auditors team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- |
|
|
12 |
Corrective action |
Consultant & ISO team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
|
|
13 |
Certificating audit – 2nd stage audit (**) |
ISO team & auditors team |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- |
|
|
14 |
Total man-days |
|
|
|
|
|
|
|
22 |
||||||||||||||||||
Notes: Certification audit is carried out by the independent Certification Body (Ex: SGS, TUV, QUACERT…)
|
Sq. |
Document’s name
|
ISO 27001 Clause
|
|
1
|
ISMS Policy
|
5.2 & A.5.1
|
|
2
|
Mobile devices and teleworking policy
|
A.6.2
|
|
3
|
Access control policy |
A.9.1
|
|
4
|
Cryptography policy
|
A.10
|
|
5
|
Clear desk and clear screen policy
|
A.11.2.9
|
|
6
|
Back up policy
|
A.12.3
|
|
7
|
Information transfer policy
|
A.13.2
|
|
8
|
Secure development policy
|
A.14.2
|
|
9
|
Information security in supplier relationships policy
|
A.15.1
|
|
10
|
ISMS objectives
|
6.2
|
|
11
|
Information security risk assessment procedure
|
6.1 & 8.1
|
|
12
|
Training procedure
|
7.2
|
|
13
|
Documents & records control procedure |
7.5
|
|
14
|
Measurement, analysis and evaluation procedure |
9.1
|
|
15
|
Internal audit procedure |
9.2
|
|
16
|
Management review procedure
|
9.3
|
|
17
|
Nonconformity and corrective action procedure
|
10.1
|
|
18
|
Improvement procedure
|
10.2
|
|
19
|
Asset management procedure
|
A.8
|
|
20
|
Information classification procedure |
A.8.2
|
|
21
|
Media handling procedure
|
A.8.3
|
|
22
|
System and application access control procedure
|
A.9.4
|
|
23
|
Physical and environmental security management procedure
|
A.11
|
|
24
|
Operations security procedure
|
A.12
|
|
25
|
Control of operational sofware procedure
|
A.12.5
|
|
26
|
Information transfer procedure |
A.13.2
|
|
27
|
Security in development procedure |
A.14.2
|
|
28
|
Supplier service management procedure |
A.15.2
|
|
29
|
Incident management procedure
|
A.16
|
|
30
|
Business continuity plan (BCP) management procedure
|
A.17
|
|
31
|
Compliance with legal requirements procedure
|
A.18
|
|
32
|
Work instructions
|
A.12
|
Why Choose Us?
Experience
15 Years
375 Customers
600 Projects
Our customers
