Sep 9, 2024
Coral advised Nitor Infotech to implement ISO 27001:2022 requirements
Nitor Infotech is in the business of software development and associated services, with an office in Pune, India.
Coral assisted Nitor in upgrading from ISO 27001:2013 to ISO 27001:2022.
Here are the key steps Coral implemented:
Understand the Changes: Coral explained the new requirements to the client, making them aware of the changes.
Gap Analysis
- Coral performed a Gap Analysis: Coral compared the current ISMS (Information Security Management System) against the requirements of ISO 27001:2022.
Updated Risk Assessment
- Review Risk Assessment Approach: Coral updated the risk assessment methodology enabling alignment with the updated controls and risk landscape.
- Incorporate New Controls: Coral integrated the new controls from Annex A into the risk assessment, ensuring they are applied where necessary.
Updated ISMS Documentation
- Update Policies and Procedures: Coral revised existing policies, procedures, and other ISMS documentation to reflect the new requirements and controls.
- Update Statement of Applicability (SoA): Coral modified the SoA to map the new and updated controls, justifying their inclusion or exclusion based on the risk assessment.
- Update Control Implementation: Coral assisted in implementing the new required controls and adjusting existing controls to meet the revised requirements.
Training and Awareness
- Training: Coral educated relevant personnel on the changes in the standard and how it affects their roles. Coral ensured the team is aware of updated controls and processes.
- Raise Awareness: Coral conducted awareness sessions on the changes to ensure all employees understand the updated security measures.
Internal Audit
- Revised Audit Criteria: Coral updated the internal audit processes and checklists to reflect the new standard requirements.
- Conducted Audits: Coral carried out an internal audit to verify that the updated ISMS is compliant with ISO 27001:2022.
Management Review
- Conducted a Review: Coral assisted top management in reviewing the updated ISMS, including changes made to align with ISO 27001:2022.
- ISMS Performance: Coral assessed how well the ISMS is performing after implementing the updates, focusing on any identified risks and new controls.
By following these steps, Coral ensured a smooth transition from ISO 27001:2013 to ISO 27001:2022 while maintaining the integrity and effectiveness of Nitor's ISMS.