ISMS Implementation Tracker

This document outlines the various activities involved in maintaining an information management system (IMS), including conducting risk assessments, updating documentation, conducting internal and external audits, managing changes, ensuring access controls, addressing incidents, and testing business continuity plans. It provides details on the documentation and records required to demonstrate conformance to the IMS.

Uploaded by VKNRIS

Control Category | Activity Details

IMS Context setting
  - Organization and its context setting, including needs and expectations of stakeholders

Risk Assessment and Treatment Planning (RARTP)
  - Identify new risks (Information Security & Privacy risks)
  - Work on planned risk treatments & update risk register completion status
  - Identify new IMS objectives (KPIs) - Org. level
  - Identify new IMS objectives (KPIs) - Department level

Statement of Applicability (SOA)
  - Update statement of applicability (SOA) status (Yes/No) with justification for inclusion / exclusion, along with version update

IMS Competence Matrix
  - Update IMS competency matrix

IMS awareness session
  - Conduct IMS awareness session - org. wide
  - Conduct IMS awareness session - new joiners at induction program
  - Post IMS awareness training, conduct assessment

IMS Objectives, Monitoring, measurement and analysis
  - Identification of new IMS objectives and planning to achieve them
  - Update measurement and metrics of identified IMS objectives

IMS Documentation
  - Manage DCRs (Document change requests)
  - Creation and update of IMS documents
  - IMS documents review
  - Control of documented information and update of MLD tracker

Internal Audit
  - Internal audit planning & communication to auditees
  - Conduct / face internal audit
  - Internal audit report preparation and presentation to the IMS steering committee
  - Follow-up and closure of internal audit findings

External Audit
  - External audit planning & communication to auditees
  - Conduct / face external audit
  - External audit report preparation and presentation to the IMS steering committee
  - Follow-up and closure of external audit findings

Management review (MR) / IMS Steering Committee
  - Planning and schedule of Management Review Meeting / IMS Steering Committee
  - IMS MR / IMS steering committee report/presentation preparation
  - Conduct MR / IMS Steering Committee
  - Preparation of MOM (Minutes of Meeting) listing action items
  - Follow-up on closure of action items

Continual Improvement (CI)
  - Identify continual improvement points at department level

Contact with authorities
  - Contact with authorities tracker update

Contact with special interest groups
  - Contact with special interest groups tracker update

Human resource security (HR)
  - BGV records repository update
  - Employee tracker with BGV details
  - NDA documents signed by employees
  - Employee onboarding checklist and communications
  - Employee exit checklist and communications
  - Other exit documents like non-compete letters / agreement letters

Information Asset management
  - Information asset inventory tracker creation and update, along with asset owner, asset custodian, asset location and asset status, including asset return

Access control
  - Create and update Access Control Matrix (ACM) for apps (internal & external) and data folders, including cloud storage (Google Drive, OneDrive, SharePoint, Google One, Dropbox, MS Teams, other cloud storage)
  - Review and acknowledgement of Access Control Matrix

Password management system
  - Ensure password policy is implemented across all apps and systems

Physical and environmental security
  - Building agreement copies and approval to use building utilities, along with SLAs
  - Agreement with building landlord regarding utility services offered
  - A walk-through of all three office premises showing the required security controls (virtual live / recorded)
  - Fire extinguishers and sprinklers list, along with maintenance expiry details
  - Printer placement and security features & availability of paper shredder
  - CCTV cameras and access to recordings, with recording retention period (how many days / months?)
  - Access-controlled entries to reception and working areas
  - Floor map with fire exit / fire extinguishers / sprinklers / assembly point mentioned
  - Emergency exit
  - Fire drill report, along with NOC from Fire and Safety department for the building
  - Insulation of cables (no cables are exposed, both network / electrical)
  - Desk and system screens
  - Power backup (UPS and DG details with power backup details)
  - Material IN/OUT registers
  - Visitor entry records book, with what type of visitor information / PII is captured in the register
  - Information security and privacy signages

Change management
  - Change request forms
  - CAB tracker

Capacity management
  - Capacity and availability tracker

Information backup
  - Backup restore request form
  - Backup restore test reports

Event logs and monitoring
  - List of event logs monitoring
  - All critical logs retention location and retention periodicity
  - Provide demo to the internal / external auditor

Clock synchronisation
  - Clock synchronisation of endpoint computers, CCTV, fire alarm system and door access control systems, etc.

Technical vulnerability management
  - VAPT records
  - VAPT findings closure and reassessment report
  - Update of VAPT points in risk register and IMS steering committee presentation
  - Infrastructure patch update status
  - Antivirus software management console and update status

Restrictions on software installation
  - Restrictions on software installation
  - Blocking endpoint USB, storage and communication ports

Segregation in networks
  - Approved network diagram

System acquisition, development and maintenance
  - Secure coding checklists for existing and new projects
  - Information security adoption for new projects at the beginning of project planning

Supplier relationships
  - Addressing information security / privacy requirements within supplier agreements (NDA, MSAs)
  - Copies of NDA / agreements signed with vendors / suppliers

Confidentiality or nondisclosure agreements
  - Agreements with vendors for information and communication technology service providers
  - Monitoring and review of supplier services records
  - Vendor list

Information security / privacy incident management
  - Information security incident records
  - Reporting of information security / privacy incidents
  - Incident tracker with RCA and corrective actions defined
  - Learnings from information security incidents (Pareto charts)

Business continuity management
  - BIA and BCP tracker
  - Hard copies of emergency contact details and procedure
  - BCP test reports

Compliance
  - Compliance tracker
