Project Proposal For ISO 27001:2013 Implementation: Bharat Electronics LTD: Ghaziabad

Uploaded by GVS Rao

www.generationnext.in

Project proposal for ISO 27001:2013 implementation
BHARAT ELECTRONICS LTD: Ghaziabad
GENERATION NEXT

GVS RAO
AUDIT PRACTICE LEAD & TUTOR
GENERATION NEXT

www.generationnext.in   WhatsApp: 8076524311

Email: [email protected]

LinkedIn: https://ae.linkedin.com/in/subarao19

Saudi Arabia: PO Box 86532, Riyadh, 111632, Kingdom of Saudi Arabia

India: C 905 Krishna Appra Saphire, Vaibhav Khand, Indirapuram, Ghaziabad, UP, India.
No. 16, First Floor, 70 Hansraj Kamshi Building, Y M Road, Masjid Bunder West, Mumbai, India.

UAE: Spark International FZE, PO Box 16111, RAK FTZ, RAK-UAE.

Algeria: No: 2 Etage Batimet Billayat, Cite Eyalarsa, SETIF, ALGERIA.

Copyright ©GVS RAO. 3


He holds a PGD (Osm Univ, Gold Medalist) and an MBA (Marketing). A Strategic Change Specialist, Serial Entrepreneur and Innovator, his passion is to cater to SMEs with holistic support in management consulting.

Worked as Management Representative for obtaining ISO 9001, ISO 14001, OHSAS 18001:2007, ISO 27001:2013, SA8000 and ISO 50001:2011 certification at CH2M Hill (Singapore/Dubai, 3 years), MB Holdings (Oman, 4 years), ANC Holdings (UAE, 6 years) and Alfanar (KSA, 4 years).

Approved Lead Auditor: ISO 9001:2015, ISO 14001:2015, OHSAS 18001:2007, ISO 27001:2013, SA8000:2014, ISO 50001:2011.

Registered Lead Tutor for IRCA-approved courses on ISO 9001, ISO 14001 and OHSAS 18001; tutor for ISO 9001:2015, ISO 14001:2015, OHSAS 18001:2007, ISO 27001:2013 and SA8000:2014.

Expert: United Nations Industrial Development Organization (UNIDO), Vienna.

At www.generationnext.in we provide complete solutions for ISO 9001, ISO 14001, OHSAS 18001 and ISO 27001 certification, and for SA8000 certification.

Content

• Reasons for implementation
• Purpose of the project
• How the project is carried out
• Milestones
• Resources
• Deliverables

12/28/2017 Copyright ©GVS RAO. 5


Reasons for implementation (1/2)

Primary reasons: why is ISO 27001 good for your company?

There are four essential business benefits that a company can achieve by implementing this information security standard:

• Comply with legal requirements: there are more and more laws, regulations and contractual requirements related to information security, and most of them can be addressed by implementing ISO 27001, which gives you a single, structured methodology for meeting them. Note that certification covers only the ISMS scope you define, so the scope must include the assets and processes those obligations apply to.

• Achieve marketing advantage: if your company gets certified and your competitors do not, you may have an advantage in the eyes of customers who care about keeping their information safe.

• Lower costs: the main philosophy of ISO 27001 is to prevent security incidents from happening, and every incident, large or small, costs money. Reducing the likelihood and impact of incidents therefore saves money, and the investment in ISO 27001 is typically far smaller than the losses it averts.

• Better organization: fast-growing companies typically don't have time to stop and define their processes and procedures; as a consequence, employees often do not know what needs to be done, when, and by whom. Implementing ISO 27001 helps resolve this, because it requires companies to document their main processes (even those that are not security-related), reducing employees' lost time.



Reasons for implementation (2/2)

Secondary reasons:
• Create a culture of continual improvement of processes
• Improve employee engagement in process improvement

12/28/2017 Copyright ©2014 9001Academy. All rights reserved. 7


Purpose of the project (1/2)

What do we want to achieve?

• Gain ISO 27001:2013 certification
• Improve IT risk mitigation
• Increase customer satisfaction through demonstrable information security
• Increase the competitiveness of [PPAC]




Purpose of the project (2/2)

What do we want to achieve?

• Better management of processes, activities and functions
• Reduce costs through continual improvements attained through the ISO 27001:2013 management system


How the project implements ISO 27001:2013

To implement ISO 27001 in your company, you have to follow these 16 steps (the original estimate states approx. 45 man-days; the per-step figures below add up to 63 man-days, with step 9 still to be determined):

1) Get top management support (as and when required / continuous)
2) Use a project management methodology (as and when required / continuous)
3) Define the ISMS scope (1 man-day)
4) Write the top-level information security policy (1 man-day)
5) Define the risk assessment methodology (1 man-day)
6) Perform the risk assessment and risk treatment (2 man-days)
7) Write the Statement of Applicability, listing the Annex A controls selected and excluded, with justification (1 man-day)
8) Write the risk treatment plan (1 man-day)
9) Define how to measure the effectiveness of your controls and of your ISMS (TBD)
10) Implement all applicable controls and procedures (15 man-days)
11) Implement training and awareness programs (8 man-days)
12) Perform all the daily operations prescribed by the company's ISMS documentation (15 man-days)
13) Monitor and measure your ISMS (10 man-days)
14) Perform the internal audit, together with your qualified internal auditor (3 man-days)
15) Perform the management review (1 man-day)
16) Implement corrective actions (4 man-days)


Milestones

Milestone                                               Due date
Initiation                                              On signing agreement
Planning                                                01 Feb 2018
Assessment / Awareness Training                         02 Feb 2018 onwards
Rollout of ISO 27001:2013 / Internal Auditor Training   06 Feb 2018 onwards
Internal Audit                                          April 2018
Management Review                                       April 2018
Corrective Actions                                      May 2018
Certification Audit                                     TBD
Continual Improvement Setup                             Post Certification
Resources (1/2)

Human resources:      PPAC Coordinator (Mr Digambar); GVS Rao
Technical resources:  PowerPoint presentations; equipment: office table and chair (and peon), conference room with projector


Resources (2/2)

Financial resources (inclusive of taxes; billed phase-wise, to be remitted in advance):

Phase 1:
  Awareness Training (2 days): INR 50,000
  Internal Auditor Training (2 days): INR 50,000

Phase 2:
  Documentation (kit of over 600 pages): INR 1,00,000
  90 man-days of resource persons (spread over 4 months): INR 1,50,000
  Travelling: at actuals (other than Ghaziabad offices)

Value addition:
  Certified Internal Auditors (25)
  Hand-holding till certification (BV)
  Our templates
  World-class consulting by Mr GVS Rao
  Documentation (soft copy) upgraded to V9


Deliverables

• ISO 27001:2013 general requirements and related documents
• Definition of product realization processes (the operational ISMS processes of ISO 27001:2013 clause 8)
• Measurement, analysis and improvement processes (ISO 27001:2013 clauses 9 and 10)


Project proposal for ISO 27001:2013 implementation
GVS RAO
