iFour Consultancy
ISO 27001 - Management Clause 9
ISO for Software application development India - http://www.ifour-consultancy.com/
Performance evaluation
In order to make systematic improvements in information security controls, processes and management system:
- Monitor
- Measure
- Analyse
- Evaluate/Audit/Review
Performance evaluation
- 9.1 Monitoring, measurement, analysis and evaluation
- 9.2 Internal audit
- 9.3 Management review
9.1 Monitoring, measurement, analysis and evaluation
Actions involved:
- Decide what needs to be monitored and measured
- Monitor customer satisfaction
- Analyse and evaluate data and information
9.1 Monitoring, measurement, analysis and evaluation (Contd)
[Flowchart. Boxes: Determine most appropriate measurement(s); Performance Requirement; Determine what can be measured; Create measuring procedure; Measure; Raise improvement; Escalate to top management; Report measurements; Analyse figures; Evaluate. Decision points (Y/N): Action Required; Escalation Required.]
Source: https://issuu.com/public-it/docs/isms09005_process_for_monitoring__m?e=7139440/30590160
9.1 Monitoring, measurement, analysis and evaluation (Contd)
Documentation Requirements
- Documents, logs, periodic reports on IS risks, incidents and changes
Implementation Requirements
- Identifying various IS metrics to be monitored and measured
- Assigning monitoring responsibilities to the competent staff
Audit Requirements
- Review reports on various ISMS metrics and measurements
9.3 Management review
Top management reviews the organisation's management system at regular intervals.
Documentation Requirements
- MR meeting minutes / decisions related to ISMS
Implementation Requirements
- Ensuring management reviews ISMS performance periodically
- Management conducting periodic reviews on ISMS performance, status of previous issues, risk assessment reports, audits, NCs, corrective actions, and feedback
Audit Requirements
- Review ISMS performance reviews
- Review results of MRs (corrective actions)
Requirements for documented information
- Evidence of the monitoring and measurement results (9.1)
- Evidence of the audit programme(s) and the audit results (9.2)
- Evidence of the results of management reviews of the ISMS (9.3)
References
- http://www.iso27001security.com/html/27001.html
- https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
- http://www.imsm.com/gb/iso-9001-revision/iso-90012015-clause-9/
- https://issuu.com/public-it/docs/isms09005_process_for_monitoring__m?e=7139440/30590160
For more details, visit http://www.ifour-consultancy.com or http://www.ifourtechnolab.com