ISO SERVICES

ISO History 

In October 1946, ISA and UNSSC delegates from 25 countries met in London and agreed to join forces to create the new International Organization for Standardization. The new organization officially began operations in February 1947.

ISO Services

Complying with mandatory requirements is considered a must for organizations that offer high-quality customer services. These internationally recognized standards provide those requirements and characteristics needed to ensure that processes and services offered fit their purpose (secure, reliable and of good quality).

SMT can confidently assist you with compliance, consultation, implementation and training. Our ISO consultants bring in years of management system and domain experience to develop a comprehensive ISO management system in your organization which gives you a sustainable competitive advantage and adds value to processes and enhances your brand image.

ISO systems are all about quality and productivity. Experience in each department is critical in replacing an existing system with an ISO standard based one.

We will guide you through the complete project,from beginning to end undertaking as much of the implementation work as you require.

We offer you a complete services to help you in establishing, implementing, monitoring and improving your Information Security Management System (ISO

27001:2013) & Business Continuity Management System (ISO 22301:2012), Information Technology Service Management System (ISO 20000: 2011 ), &

Cybersecurity (ISO 27032: 2012).

Why get ISO certified?

• Increased Credibility and Recognition
• Increased Revenues
• Improved Consistency
• Increased Customer Satisfaction
• Empowered Employees
• Save Cost by Applying Existing Solutions
• Law Regulations

Our ISO Consulting Services Include:

1. Assist you to identify the business processes which are vital to your organisation. Thus creating a solid foundation for building an effective ISMS. 
2. Undertake an assessment of your existing security processes and compare them to those required by ISO Standards. A gap analysis report will be presented identifying the proposed actions required.
3. We will help you evaluate the levels of risk involved in your business processes. Consequently, a risk treatment plan can be generated.
4. We will take you through the whole process of gaining certification. We will undertake a final assessment of your Management System and then act on your behalf on the day of the certification audit to ensure a successful outcome.

ISO 22301:2019, Business Continuity Management Systems

• A standard that specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
• It is intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization.

ISO 27001:2013, Information Security Management System

• This International Standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system.
• An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

SMT ISO 22301 Steps

          1. Scope

The Scope phase includes evaluating and assessing the company’s environment. Then choosing the right scope with discussing and approving of the document.

          2. Gap Assessment 

A gap assessment is a method of assessing the differences in performance between a business’ information systems or software applications to determine whether business requirements are being met or not.

1. Assessment Interview with staff.
2. Filtering result sheet.
3. Report.
4. Presentation for top management that has recommendations.

          3. Project Initiation 

• Deciding the project duration.
• Choosing an ISO team for both your company and SMT.
• Also, choosing a manager and a sponsor for both sides.
• Planning and writing the phases in a SmartSheet shared with both sides.

          4. Risk Assessment

A risk assessment is the combined effort of: identifying and analyzing potential events that may negatively impact individuals, assets, and/or the environment; and making judgments “on the tolerability of the risk on the basis of a risk analysis” while considering influencing factors. 

• Risk Assessment
• Risk Treatment
• Methodologies (Based on scenarios)
• Business Continuity Strategy
• Business Continuity Plan

          5. Documentation & Implementation

• Documenting all previous phases.
• Implementing ISO 22301 Standards.
• Business Continuity Strategy Implementation.
• Business Continuity Plan Implementation.

          6. Internal Audit

• Performance test.
• Report and document the results.
• Writing a non-conformity active log.
• Providing a corrective action.

          7. External Audit 

Or the “certification audit” is an audit your selected registrar will conduct to verify conformance against the ISO standard before they issue your official ISO certificate. 

SMT ISO 27001 Steps

          1. Scope

The Scope phase includes evaluating and assessing the company’s environment. Then choosing the right scope with discussing and approving of the document.

          2. Gap Assessment 

A gap assessment is a method of assessing the differences in performance between a business’ information systems or software applications to determine whether business requirements are being met or not.

1. Assessment Interview with staff.
2. Filtering result sheet.
3. Report.
4. Presentation for Top Management that has recommendations.

          3. Project Initiation 

• Deciding the project duration.
• Choosing an ISO team for both your company and SMT.
• Also, choosing a manager and a sponsor for both sides.
• Planning and writing the phases in a SmartSheet shared with both sides.

          4. Documentation & Implementation

• Documenting all previous phases.
• Implementing ISO 27001 Standards.
• Business Continuity Strategy Implementation.
• Business Continuity Plan Implementation.

          5. Internal Audit

• Performance test.
• Report and document the results.
• Writing a non-conformity active log.
• Providing a corrective action.

          6. External Audit 

Or the “certification audit” is an audit your selected registrar will conduct to verify conformance against the ISO standard before they issue your official ISO certificate. 

Our ISO Training 

SMT provides ISO training certificates in the following ISO programs:

• ISO  22301 (BCMS)
  • ISO 22301 Business Continuity Lead Implementer Training Program.
  • ISO 22301 Business Continuity Lead Auditor Training Program.
  • ISO 22301 Business Continuity Internal Auditor Training Program.
• ISO 27001 (ISMS)
  • ISO 27001 Information Security Lead Implementer Training Program.
  • ISO 27001 Information Security Lead Auditor Training Program.
  • ISO 27001 Information Security Internal Auditor Training Program.