
Shahi Enterprises Ltd. An ISO 9001:2008 Services Provider Company

Welcome to. Shahi Enterprises Ltd. An ISO 9001:2008 Services Provider Company. India Office: 205-206, Atmiya Complex, Maneja Crossing Vadodara – 390 013 Gujarat, India. Tel: 9601349008 Email: info@shahienterprises.com Website: www.shahienterprises.com. UAE Office :


Presentation Transcript


  1. Welcome to Shahi Enterprises Ltd.
     An ISO 9001:2008 Services Provider Company
     India Office: 205-206, Atmiya Complex, Maneja Crossing, Vadodara – 390 013, Gujarat, India. Tel: 9601349008 Email: info@shahienterprises.com Website: www.shahienterprises.com
     UAE Office: Shahi Enterprises FZE, P.O. Box 31291, Al-Jazeera Al Hamra, Ras Al Khaimah, United Arab Emirates. Lead Auditor: Shiv Shankar. Mobile No. +971 562646057 Email: info@shahifze.com Website: www.shahifze.com
     Our Branches: Lucknow, Gorakhpur, Raipur, Kolkata, New Delhi, Mumbai, Rajkot, Mehsana, Jamnagar, Ranchi, Dehradun, Guwahati, Bangalore, Patna, Valsad.

  2. About us
     Shahi Enterprises was established in 2004 as a quality consulting firm in Baroda (Vadodara), India. It has since grown into a limited company providing quality management consulting services in various parts of India (Gujarat, Maharashtra, Uttar Pradesh, Uttarakhand, and Chhattisgarh) and has started quality consultancy services in the UAE. We have offices at Baroda, Lucknow, Mumbai, and Guwahati. Shahi Enterprises Ltd serves more than two thousand certified clients, providing them a whole range of ISO certification consulting services for ISO 9001, ISO 14001, ISO 18001, ISO 22000, ISO 27001, HACCP, BRC, PED, UL/CE Marking, API Monogram, Trade Mark, GMP-WHO & Product Upgradation.
     • Shahi Enterprises Ltd. trains and uses highly capable staff to help our clients achieve international recognition and acceptance through the quality management system standard. This covers a systematic approach, through formats, for:
       • Purchase order/monitoring storage.
       • Process control/production planning.
       • Inventory management.
       • Machine breakdown monitoring.
       • Neat working place.
       • Training management staff.
     A Unit of Shahi Group

  3. Our Services
     We help obtain subsidies for different quality standards from STATE & CENTRAL GOVT.
     • Quality Upgradation System Subsidy
     • 5% Interest Subsidy
     • R&D Subsidy
     • ETP (Environment Treatment Plan)
     • Foreign Exhibition Subsidy
     • IT Subsidy
     • GEB Subsidy
     Our associations have been rewarding in the following areas of activity:
     • Quality Standard Developments
       • ISO 14001-2004 Environment Management System
       • ISO 18001-2007 Occupational Health & Safety Management System
       • ISO 22000-2005 Food Safety Management System
       • ISO 27001-2005 Information Security Management System
       • HACCP – Hazard Analysis and Critical Control Points
       • BRC - British Retail Consortium
       • PED - Pressure Equipment Derivative
       • QUALITY & HR- TRAINING
     • Product Certification
       • UL/CE Marking
       • API Monogram
       • GMP-WHO & Product Upgradation
     • Business Development
     • Franchise and Dealer Management
     • Project Finance
     • Liaison and Representation

  4. HISTORY OF ISO
     • ISO means "International Organization for Standardization"
     • Central Secretariat in Geneva, Switzerland
     • International federation of more than 176 countries
     • Non-governmental organization founded in 1947 on the basis of one member per country
     • "ISO" is derived from the Greek word isos, meaning "equal"
     • Published more than 17500 International Standards

  5. What is Information Security Management?
     Information is a valuable asset in any organization, whether it is printed or written on paper, stored electronically, or sent by mail or electronic means. To effectively manage the threats and risks to your organization's information, you should establish an Information Security Management System (ISMS). An ISMS based on the international standard ISO/IEC 27001:2005 will help you implement an effective framework to establish, manage and continually improve the security of your information.

  6. What is ISO 27001?
     ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system." ISO 27001 uses a top-down, risk-based approach and is technology-neutral. The specification defines a six-part planning process:
     • Define a security policy.
     • Define the scope of the ISMS.
     • Conduct a risk assessment.
     • Manage identified risks.
     • Select control objectives and controls to be implemented.
     • Prepare a statement of applicability.

  7. What is ISO 27001?
     The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation. The 27001 standard does not mandate specific information security controls, but it provides a checklist of controls that should be considered in the accompanying code of practice, ISO/IEC 27002:2005. This second standard describes a comprehensive set of information security control objectives and a set of generally accepted good practice security controls. ISO 27002 contains 12 main sections:
     1. Risk assessment
     2. Security policy
     3. Organization of information security
     4. Asset management
     5. Human resources security
     6. Physical and environmental security

  8. What is ISO 27001?
     7. Communications and operations management
     8. Access control
     9. Information systems acquisition, development and maintenance
     10. Information security incident management
     11. Business continuity management
     12. Compliance
     Organisations are required to apply these controls appropriately in line with their specific risks. Third-party accredited certification is recommended for ISO 27001 conformance. Other standards being developed in the 27000 family are:
     • 27003 – implementation guidance.
     • 27004 – an information security management measurement standard suggesting metrics to help improve the effectiveness of an ISMS.
     • 27005 – an information security risk management standard. (Published in 2008)
     • 27006 – a guide to the certification or registration process for accredited ISMS certification or registration bodies. (Published in 2007)
     • 27007 – ISMS auditing guideline.

  9. ISMS – Framework


  11. WHAT STANDARDS DO
      • Make the development, manufacturing and supply of products and services more efficient, safer and cleaner
      • Provide governments with a technical base for health, safety and environmental legislation, and conformity assessment
      STANDARDS COVER
      • Risks
      • Costs and benefits
      • Management responsibility
      • Quality system principles
      • Other building blocks

  12. These standards can be described in three steps:
      • "Say what is to be done
      • Do the work
      • Prove that it has been done"

  13. ISO 27001:2005
      • 4 Information security management system
        • 4.1 General requirements
          • Define your organization’s ISMS.
          • Implement your organization’s ISMS.
          • Operate your organization’s ISMS.
          • Monitor your organization’s ISMS.
          • Review your organization’s ISMS.
          • Maintain your organization’s ISMS.
          • Improve your organization’s ISMS.
          • Document your organization’s ISMS.

  14. ISO 27001:2005 series
      • 4.2 Establishing and managing the ISMS
        • 4.2.1 Establish the ISMS
          • Define the scope and boundaries of your ISMS.
          • Define your organization’s ISMS policy.
          • Define your approach to risk assessment.
          • Identify your organization’s security risks.
          • Analyze and evaluate your organization’s security risks.
          • Identify and evaluate risk treatment options and actions.
          • Select control objectives and controls to treat risks.
          • Make sure that management formally approves all residual risks (those that are left over after you’ve implemented your risk treatment decisions).

  15. ISO 27001:2005 series
      • Get authorization from management before you implement and operate your organization’s ISMS.
      • Prepare a Statement of Applicability that lists your organization’s specific control objectives and controls.
      • 4.2.2 Implement and operate the ISMS
        • Develop a risk treatment plan to manage your organization’s information security risks.
        • Implement your organization’s risk treatment plan.
        • Implement your organization’s security controls.
        • Implement your organization’s educational programs.
        • Manage and operate your organization’s ISMS.
        • Manage your organization’s ISMS resources.
        • Implement your organization’s security procedures.

  16. ISO 27001:2005 series
      • 4.2.3 Monitor and review the ISMS
        • Use procedures and controls to monitor your ISMS.
        • Use procedures and controls to review your ISMS.
        • Perform regular reviews of your ISMS.
        • Verify that your security requirements are being met.
        • Review your risk assessments on a regular basis.
        • Review your residual risks on a regular basis.
        • Review acceptable levels of risk on a regular basis.
        • Perform regular internal audits of your ISMS.
        • Perform regular management reviews of your ISMS.
        • Update your information security plans.
        • Maintain a record of ISMS events and actions.
      • 4.2.4 Maintain and improve the ISMS
        • Implement your ISMS improvements.

  17. ISO 27001:2005 series
      • Take appropriate corrective actions.
      • Take appropriate preventive actions.
      • Apply the security lessons that you have learned.
      • Communicate ISMS changes to all interested parties.
      • Make sure that your organization’s ISMS changes achieve the intended objectives.
      • 4.3 Documentation requirements
        • 4.3.1 General
          • Establish records that document decisions.
          • Document your organization’s ISMS.
        • 4.3.2 Control of documents
          • Protect and control your ISMS documents.
          • Establish a procedure to control ISMS documents.
        • 4.3.3 Control of records
          • Establish records for your organization’s ISMS.
          • Maintain records for your organization’s ISMS.

  18. ISO 27001:2005 series
      • 5 Management responsibility
        • 5.1 Management commitment
          • Demonstrate that your management supports the establishment of an ISMS.
          • Demonstrate that your management supports the implementation of an ISMS.
          • Demonstrate that your management supports the operation of your ISMS.
          • Demonstrate that your management supports the monitoring of your ISMS.
          • Demonstrate that your management supports the review of your ISMS.
          • Demonstrate that your management supports the maintenance of your ISMS.
          • Demonstrate that your management supports the improvement of your ISMS.

  19. ISO 27001:2005 series
      • 5.2 Resource management
        • 5.2.1 Provision of resources
          • Identify your organization’s ISMS resource needs.
          • Provide the resources that your ISMS needs.
          • Identify the resources that will be needed in order to ensure that your organization’s information security procedures support its business requirements.
          • Identify the resources needed to meet your organization’s legal security requirements.
          • Identify the resources needed to meet your organization’s regulatory security requirements.
          • Identify the resources needed to meet your organization’s contractual security obligations.
          • Identify the resources needed to ensure that all implemented security controls are correctly applied.

  20. ISO 27001:2005 series
      • Identify the resources needed to ensure that ISMS management reviews are routinely carried out.
      • Identify the resources needed to ensure that you will be able to react appropriately to the results of your ISMS management reviews.
      • Identify the resources needed to ensure that you will be able to improve the effectiveness of your ISMS when required to do so.
      • 5.2.2 Training, awareness and competence
        • Ensure that all ISMS personnel are competent and can perform the tasks that are assigned to them.
        • Evaluate the effectiveness of your organization’s ISMS personnel training and employment activities.
        • Maintain records that document the competence of personnel performing work that affects your ISMS.
        • Make your personnel aware of how important their information security activities are.

  21. ISO 27001:2005 series
      • Internal ISMS audits
        • ESTABLISH AN INTERNAL AUDIT PROCEDURE
          • Establish an internal ISMS audit procedure.
          • Document your internal ISMS audit procedure.
        • PLAN YOUR INTERNAL AUDITS
          • Plan your internal ISMS audit projects and activities.
          • Figure out how often internal audits should be done.
          • Schedule your internal audits at planned intervals.
          • Clarify the scope of each internal ISMS audit.
          • Specify the audit criteria for each internal audit.
          • Define your internal ISMS audit methods.
          • Select your internal ISMS auditors.

  22. ISO 27001:2005 series
      • CONDUCT INTERNAL AUDITS
        • Carry out regular internal ISMS audits.
        • Audit your organization’s ISMS control objectives.
        • Audit your organization’s ISMS controls.
        • Audit your organization’s ISMS processes.
        • Audit your organization’s ISMS procedures.
      • TAKE REMEDIAL ACTION
        • Eliminate nonconformities and their causes.
        • Take follow-up actions to ensure that nonconformities and causes have been eliminated without undue delay.
        • Verify that remedial actions have actually been taken.
        • Report the results of your verification activities.

  23. ISO 27001:2005 series
      • 7 Management review of the ISMS
        • 7.1 General
          • Carry out management reviews of your ISMS.
          • Make sure that your organization’s management people review your ISMS at planned intervals.
          • Examine the performance of your ISMS.
          • Examine the ongoing suitability of your ISMS.
          • Examine the ongoing adequacy of your ISMS.
          • Examine the ongoing effectiveness of your ISMS.
          • Assess whether or not your organization’s ISMS should be changed or improved.
          • Assess whether or not your information security policy should be changed or improved.
          • Assess whether or not your information security objectives should be changed or improved.
          • Keep a record of your ISMS management reviews.
          • Record the results of ISMS management reviews.

  24. ISO 27001:2005 series
      • 7.2 Review input
        • Examine information about your ISMS (inputs).
        • Examine the results of prior management reviews.
        • Examine the results of previous ISMS audits.
        • Examine previous ISMS measurement results.
        • Examine the status of previous remedial actions.
        • Examine security issues that were inadequately addressed during the previous risk assessment.
        • Examine opportunities to improve your ISMS.
        • Examine changes that might affect your ISMS.

  25. ISO 27001:2005 series
      • 7.3 GENERATE MANAGEMENT REVIEW OUTPUTS
        • Generate decisions and actions (outputs).
        • Generate management review decisions and actions to improve your organization’s ISMS.
        • Generate management review decisions and actions to update your organization’s ISMS.
        • Generate management review decisions and actions to respond to events that affect the ISMS.
        • Generate management review decisions and actions to address your ISMS resource needs.

  26. ISO 27001:2005 series
      • 8 ISMS improvement
        • 8.1 Continual improvement
          • Improve the effectiveness of your ISMS.
          • Use your security policy to continually improve the effectiveness of your ISMS.
          • Use your security objectives to continually improve the effectiveness of your ISMS.
          • Use your security audit results to continually improve the effectiveness of your ISMS.
          • Use your management reviews to continually improve the effectiveness of your ISMS.
          • Use your corrective actions to continually improve the effectiveness of your ISMS.
          • Use your preventive actions to continually improve the effectiveness of your ISMS.
          • Use your monitoring process to continually improve the effectiveness of your ISMS.

  27. ISO 27001:2005 series
      • 8.2 Corrective action
        • Establish a corrective action procedure to prevent the recurrence of actual nonconformities.
        • Make sure that your corrective action procedure expects you to identify actual nonconformities.
        • Make sure that your corrective action procedure expects you to identify the causes of your nonconformities.
        • Make sure that your procedure expects you to evaluate whether you need to take action.
        • Make sure that your procedure expects you to develop corrective actions when they are needed.
        • Make sure that your procedure expects you to prevent the recurrence of actual nonconformities.
        • Make sure that your corrective action procedure expects you to eliminate the causes of your organization’s nonconformities.

  28. ISO 27001:2005 series
      • Make sure that your procedure expects you to record the results of any corrective actions taken.
      • Make sure that your procedure expects you to review the results of any corrective actions taken.
      • Document your corrective action procedure.
      • Implement your corrective action procedure.
      • Use your organization’s corrective action procedure to identify nonconformities.
      • Use your organization’s corrective action procedure to identify causes.
      • Use your procedure to evaluate whether or not you need to take corrective action.
      • Use your procedure to develop corrective actions whenever corrective actions are actually needed.

  29. ISO 27001:2005 series
      • Use your procedure to take corrective actions.
      • Use your procedure to prevent the recurrence of actual nonconformities.
      • Use your procedure to eliminate the causes of actual nonconformities.
      • Use your procedure to record the results of any corrective actions taken.
      • Use your procedure to review the corrective actions that have been taken.
      • Maintain your corrective action procedure.

  30. ISO 27001:2005 series
      • 8.3 Preventive action
        • Establish a preventive action procedure to prevent the occurrence of potential nonconformities.
        • Make sure that your preventive action procedure expects you to identify potential nonconformities.
        • Make sure that your procedure expects you to identify the causes of potential nonconformities.
        • Make sure that your procedure expects you to evaluate whether or not your organization needs to take preventive action.
        • Make sure that your procedure expects you to develop preventive actions when they are needed.
        • Make sure that your procedure expects you to prevent the occurrence of potential nonconformities.

  31. ISO 27001:2005 series
      • Make sure that your procedure expects you to eliminate the causes of potential nonconformities.
      • Make sure that your procedure expects you to record the results of any preventive actions taken.
      • Make sure that your procedure expects you to review the results of any preventive actions taken.
      • Document your preventive action procedure.
      • Implement your preventive action procedure.
      • Use your organization’s preventive action procedure to identify potential nonconformities.
      • Use your preventive action procedure to identify the causes of potential nonconformities.

  32. ISO 27001:2005 series
      • Use your preventive action procedure to evaluate whether or not you need to take preventive action.
      • Use your preventive action procedure to develop preventive actions whenever they are needed.
      • Use your procedure to take preventive actions.
      • Use your preventive action procedure to prevent the occurrence of potential nonconformities.
      • Use your preventive action procedure to eliminate the causes of potential nonconformities.
      • Use your preventive action procedure to record the results of any preventive actions taken.
      • Use your preventive action procedure to review the preventive actions that have been taken.
      • Maintain your preventive action procedure.

  33. Benefits of ISMS Certification
      • Assurance through discipline of compliance
      • Risk Management
      • Protect information assets from range of threats
      • Minimized security breaches
      • Use of appropriate controls
      • Prudent business practice
      • Secure Environment
      • Careful Contracting
      • Protection of IPR
      • Legal Compliance
      • Ensures Business Continuity
      • Increased Trust & Customer Confidence

  34. "Our main objective is to provide consistent and reliable quality in consultancy services to all our clients"
      We care with quality

  35. For more detail, visit our websites: www.shahifze.com, www.shahienterprises.com
