The basic principle on any ISO system developed is - Plan - Do - Check - ACT. your audit also should be on the same principle.
And seven friends of auditors (5 W and 1 H) - Who - What - Where - When - Why - How.
rgs
From Vietnam, Ho Chi Minh City
5And seven friends of auditors (5 W and 1 H) - Who - What - Where - When - Why - How.
rgs
From Vietnam, Ho Chi Minh City
I am also working for the iso-27001 we are design company.
We are in under process of Iso 9001 & ISo 27001. Can you guid me what precutions or corrective action should help me.
awaiting for seniors guidance.
Thanks & regards,
From India, Ahmadabad
We are in under process of Iso 9001 & ISo 27001. Can you guid me what precutions or corrective action should help me.
awaiting for seniors guidance.
Thanks & regards,
From India, Ahmadabad
VSD Infotech (VSDi) as an technology services company specializing in Information Security Services and Networking solutions. We have been working with leaders in the Infrastructure management space, through a hybrid model combining technology and human expertise.
VSDi (VSD - Home) offers a complete range of IT Services to our customers. VSDi focuses on delivery, technology and process excellence in providing top-notch infrastructure management and information security services.
EIRA:
We have an developed a ISMS implementation toolkit named called EIRA (Enterprise Information Risk-Mitigation Automator) which is a result of research and feedback attained from Lead Auditors, ISMS Lead Auditors Trainers and some Senior Level executives of the Companies in the process of implementation of ISMS under ISO/IEC 27001. EIRA is a software tool to help the organization to implement ISMS in their organization (commercial enterprises, government agencies, non-profit organization).
Services Offerings in Information Security Management:
VSDi offers a broad range of services related to Information Security Management. Have a look at the following illustrative list:
oHigh level network security architecture review
oNetwork Security Review
oVulnerability Assessment of critical server & network devices
oRemote penetration testing of systems connected to internet
oConsultancy and guidance in system hardening
oStage 1 Auditing of IT infrastructure identifying security weaknesses against industry
oDevelopment of security policies and procedures
oReview of security policy
oInformation Security Risk assessment using automated test tools (EIRA)
oGuidance for implementation of IT Security best practices
oVendor Site Compliance Certificate (VSCC)
We do not stop with that. Together, You and VSDi can explore further avenues to promote Information security culture.
Training Programs
VSDi believes that human resources- employees and clients are the first line of defence to fortify information security. At the same time, they are the weakest link in information security chain. So what do we do? Empowerment, motivation and driving for ethical values is the only option. Therefore, we are planning to render the training services in Information Security in conjunction with STQC through corporate alliance.
VSDi is endowed with Senior and Experienced faculty who have decades of exposure to a wide range of industries say Manufacturing, Software, Finance, Insurance, Research & Development, Hospitality Management, Health Care services , Academics, etc..
oInformation Security Management - Best Practices -3 days
This workshop aims at training Junior and Middle management, to adopt ISMS Standards and best practices in their day to day operations.
oInformation Security Risk Management Workshop -2 days
This workshop aims on guiding Senior Management in collaboration with CISO / CIO of the organisation which has embarked upon ISO27000 certification process..
oIT Service Management Foundation (based on ITIL®)-5days
This program aims at imparting knowledge of the ITIL® terminology, structure and basic concepts to IT professionals, business managers and business process owners. Training enables the participants comprehend the key principles of ITIL® practices for Service Management.
oInformation Security Awareness Training-2 days
Focus is on the User / Employee ,as well as Vendor / Service Provider staff gaining awareness about various security issues and to follow security policies
procedures and guidelines so that they do not fall victim to external threats or become perpetrators of cyber crime.
From India, Madras
VSDi (VSD - Home) offers a complete range of IT Services to our customers. VSDi focuses on delivery, technology and process excellence in providing top-notch infrastructure management and information security services.
EIRA:
We have an developed a ISMS implementation toolkit named called EIRA (Enterprise Information Risk-Mitigation Automator) which is a result of research and feedback attained from Lead Auditors, ISMS Lead Auditors Trainers and some Senior Level executives of the Companies in the process of implementation of ISMS under ISO/IEC 27001. EIRA is a software tool to help the organization to implement ISMS in their organization (commercial enterprises, government agencies, non-profit organization).
- Organizations that are planning or have just completed the training of their team and are ready to implement.
- Organizations practicing ISMS and ISMS Auditors
- Organizations who want to upgrade from BS7799 to ISO/IEC27001:2
Services Offerings in Information Security Management:
VSDi offers a broad range of services related to Information Security Management. Have a look at the following illustrative list:
oHigh level network security architecture review
oNetwork Security Review
oVulnerability Assessment of critical server & network devices
oRemote penetration testing of systems connected to internet
oConsultancy and guidance in system hardening
oStage 1 Auditing of IT infrastructure identifying security weaknesses against industry
oDevelopment of security policies and procedures
oReview of security policy
oInformation Security Risk assessment using automated test tools (EIRA)
oGuidance for implementation of IT Security best practices
oVendor Site Compliance Certificate (VSCC)
- Gap analysis
- Build controls, procedures and documents as per the standard
- Application Site testing
- Website testing
- Includiting using accredited certifying bodies
We do not stop with that. Together, You and VSDi can explore further avenues to promote Information security culture.
Training Programs
VSDi believes that human resources- employees and clients are the first line of defence to fortify information security. At the same time, they are the weakest link in information security chain. So what do we do? Empowerment, motivation and driving for ethical values is the only option. Therefore, we are planning to render the training services in Information Security in conjunction with STQC through corporate alliance.
VSDi is endowed with Senior and Experienced faculty who have decades of exposure to a wide range of industries say Manufacturing, Software, Finance, Insurance, Research & Development, Hospitality Management, Health Care services , Academics, etc..
oInformation Security Management - Best Practices -3 days
This workshop aims at training Junior and Middle management, to adopt ISMS Standards and best practices in their day to day operations.
oInformation Security Risk Management Workshop -2 days
This workshop aims on guiding Senior Management in collaboration with CISO / CIO of the organisation which has embarked upon ISO27000 certification process..
oIT Service Management Foundation (based on ITIL®)-5days
This program aims at imparting knowledge of the ITIL® terminology, structure and basic concepts to IT professionals, business managers and business process owners. Training enables the participants comprehend the key principles of ITIL® practices for Service Management.
oInformation Security Awareness Training-2 days
Focus is on the User / Employee ,as well as Vendor / Service Provider staff gaining awareness about various security issues and to follow security policies
procedures and guidelines so that they do not fall victim to external threats or become perpetrators of cyber crime.
From India, Madras
Community Support and Knowledge-base on business, career and organisational prospects and issues - Register and Log In to CiteHR and post your query, download formats and be part of a fostered community of professionals.
TS16949 Internal Audit (Jul05) NCRs.ppt
Internal Audit Checksheet EMS-OHSAS.xls
5s Check List Audit for workshops.pdf