Sequretek followed the holistic approach of PDCA (Plan, Do, Check, Act) to formulate an efficient and robust setup to assist the organization in achieving the intended outcome of its information security management system (ISMS). The existing policies were analysed and a thorough gap assessment was conducted to detect any lacunae in the on-ground processes. The policies and requirements constructed from the old standard (ISO27001:2005) were mapped against the current standard's requirements (ISO27001:2013).
After this activity, a risk management methodology was formulated to efficiently identify, analyse and evaluate the risks associated with each pertinent process. An effective risk treatment plan was drawn up based on the standard controls to modify the risk to acceptable thresholds. An independent audit was conducted to validate the robustness of the ISMS implementation, keeping objectivity and the concept of maker-checker in mind.