ANNEX B. Terms of Reference. CTBTO Information Security Management System Support on Call-off Basis
TABLE OF CONTENTS

Acronyms (page 3)
Introduction (page 4)
Background (page 4)
Objectives and Expected Results (page 5)
Scope of Work (page 6)
Deliverables and Acceptance Criteria (page 9)
Requirements of the Contractor and its Personnel (page 10)

Terms of Reference - CTBTO ISMS Support on Call-Off basis Page 2 of 10
ACRONYMS

ISMS     Information Security Management System
DHCP     Dynamic Host Configuration Protocol
DNS      Domain Name System
LAN      Local Area Network
PTS      Provisional Technical Secretariat
IDC      International Data Centre
CISSP    Certified Information Security Systems Professional
CISA     Certified Information Systems Auditor
CISM     Certified Information Systems Manager
ISO/IEC  International Standards Organization / International Electrotechnical Commission
NGO      Non-Governmental Organization
QA       Quality Assurance
SOA      Statement of Applicability
DMZ      De-Militarized Zone
CTBT     Comprehensive Nuclear-Test-Ban Treaty
1. INTRODUCTION

The Preparatory Commission for the Comprehensive Nuclear-Test-Ban Treaty Organisation (hereinafter referred to as "the Commission") is the international organisation setting up the global verification system foreseen under the Comprehensive Nuclear-Test-Ban Treaty (hereinafter referred to as "the CTBT"), which is the Treaty banning any nuclear weapon test explosion or any other nuclear explosion. The Treaty provides for a global verification regime, including a network of 321 stations worldwide, a communications system, an international data centre and on-site inspections to monitor compliance. The Headquarters and the International Data Centre (hereinafter referred to as "the IDC") of the Preparatory Commission are in Vienna (Vienna International Centre of the United Nations).

One fundamental task of the Commission's International Data Centre is to provide States Parties with equal, open, timely and convenient access to agreed products and services to support their national CTBT verification requirements. An integral component of the distribution mechanism is the use of web technology.

To this end, the Commission is seeking a Contractor with the technical expertise, experience and resources to support the development of an ISMS framework based on the ISO 27001:2005 International Security Standard and using the PDCA process improvement model. The Contract shall be for an initial period of one year. The Commission shall have the option to extend the Contract for an additional three consecutive periods of 12 months.

2. BACKGROUND

The Commission has established an elaborate Information Systems Infrastructure hosting a myriad of key services. In order to ascertain the security posture of this architecture, and subsequently develop a roadmap for security improvement, the Commission has recently awarded an Information Security Risk Assessment contract to an independent assessor to conduct detailed security reviews on its Information Systems Infrastructure.

A key deliverable of the risk assessment assignment is a CTBTO Information Security Roadmap for security improvement. This will serve the Commission in its planning to augment its security posture, processes and procedures by adopting security best practices, standards and procedures, in particular ISO/IEC 27001:2005, the de facto standard for Information Security Management. The Commission wishes to develop its Information Security Management System (ISMS) using the Plan, Do, Check, Act (PDCA) process improvement model, see Figure 1 below. The Contractor shall be required to support the Commission in its pursuit of establishing this process improvement ISMS model.
Figure 1: PDCA Model, continual process improvement of the ISMS (figure labels: Interested Parties; Security Expectations and Requirements; Managed Information Security)

These Terms of Reference define the legal and technical framework of all related activities to be performed by the Contractor.

3. OBJECTIVES AND EXPECTED RESULTS

The overall objective of this Contract is to develop a framework for information security management (ISMS). This shall be achieved by adopting a PDCA model for security improvement and applying the best practices described in ISO/IEC 27001:2005. The Commission shall also adopt, as a minimum and where applicable, the control objectives and controls described in ISO/IEC for security management.

The expected overall result of this Contract is to examine the security requirements of the Commission and develop a framework for continual security improvement. Specific results of this assignment shall include fully documented security procedures for the Commission, which shall culminate in new or improved procedures for the following areas:

- Security Policy
- Organisation of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental
- Communications and Operations Security
- Access Control
- Software Development
- Information Security Incident Management
- Business Continuity Management
- Compliance

4. SCOPE OF WORK

Information is a key business asset; the Commission has recognised this and is seeking to safeguard the confidentiality, integrity and availability of its information assets. The tasks under this Contract are categorised into two areas (Administrative and Technical controls), described in Figure 2 below.

Figure 2: Information Security Management (figure labels: Administrative Controls: security policies, security awareness, compliance/governance, standards, procedures, etc.; Technical Controls: firewall management, antivirus, access controls, monitoring, virtualisation, etc.)

The first set of tasks will improve the administrative and governance framework for security management, whilst the second set of tasks will review the technical security measures that are applied to safeguard the Information Systems Infrastructure. These control measures shall complement each other in providing the required security and protection against unauthorised disclosure of or access to information; details are provided in sections 6.1 and 6.2 respectively.

5. LEVEL OF EFFORT FOR THE SERVICES

The services shall involve periods of work mainly on-site at the premises of the Commission in Vienna, Austria, as well as off-site at the premises of the Contractor. The Commission estimates the Contractor's work to be 60 percent on-site at the Commission's Headquarters and 40 percent off-site at the Contractor's premises.

The effort invested to perform the work shall be quantified in Contractor man-days. One (1) Contractor man-day represents the effort of one (1) member of the Contractor's personnel, invested during one (1) day in performing the work ordered. The Commission estimates that the work expected to be performed under the Contract will require a level of Contractor's effort of between 100 and 300 Contractor man-days, on- and off-site, over a period of one year after the Contract's signature. However, the Commission shall not be obliged to purchase a minimum or a maximum number of Contractor man-days for the work to be performed under the Contract.

6. WORK TASKS

6.1. Administrative Controls: acquire the necessary knowledge, develop and establish a governance framework for the Commission's ISMS

The Contractor may be requested to provide on-request services, which may include the following:

- Provide support in safeguarding the Commission's information assets by maintaining the confidentiality, integrity and availability of its critical assets;
- Review existing Information Security Policies, procedures and processes and make recommendations for improvements;
- Provide support in establishing ISMS controls documentation, implementation and maintenance, and make recommendations for ISMS procedures;
- Review corporate risk evaluation criteria and align them with the recommended best practice of organisations of similar structure and objectives to the Commission;
- Review, evaluate risks and make recommendations for improvements (where necessary) on the Commission's outsourcing policy on Information Systems;
- Review, evaluate risks and make recommendations for improvements (where necessary) on the Commission's open source policy on Operating Systems and software;
- Review the existing Security and IT Infrastructure (including database architecture, networks, applications, web services, virtualisation, etc.), align them with ISO 27001:2005 recommended practices and highlight areas for improvement;
- Provide guidance and support in rolling out the Information Security Roadmap for the Commission;
- Review the Commission's PKI key management policies, procedures and processes and make recommendations for improvement;
- Organise and conduct training on information security disciplines.

6.2. Technical Controls: provide support, documentation and technical security reviews

The Contractor may be requested to provide on-request services, which may include:

- DMZ/Network Architecture designs/reviews;
- Provide regular vulnerability assessments / security reviews on the Commission's IT Infrastructure (including firewalls, routers, servers, mail services, DNS, etc.);
- Provide forensic review / assessment of computer incidents where necessary;
- Review the security arrangements on the Global Communications Infrastructure and make recommendations for improvement.

7. ORGANIZATION OF WORK

7.1 The Commission, upon signature of the Contract, shall convene a kick-off meeting in Vienna to agree on detailed procedures for initiating, developing requirements for, approving, implementing, testing and accepting the Work Orders under sections 6.1 and 6.2 and the deliverables under section

The Commission will request the initiation of the Work in the form of Work Orders. The Contractor shall not perform any work not requested by the Commission and defined in Work Orders.

7.3 The Work Order will be based on one or more tasks described in Work Tasks 6.1 and 6.2. Each Work Order will contain further definitions and a description of the exact nature of the work to be completed.

7.4 Coordination

(a) The Contractor shall report directly to a single nominated point of contact in the Commission.
(b) The Contractor shall conform to the Commission's working hours (8 hrs/day) and days (Monday to Friday) when working on-site at the Commission's Headquarters.
(c) If requested by the Commission in a Work Order, the Contractor shall participate in Contract performance meetings, which may be organized at the Commission's Headquarters in Vienna or at the Contractor's premises. During these meetings, planning and performance under the Contract, as well as any relevant topic related thereto, may be reviewed, discussed and recorded.

7.5 Upon receipt of a Work Order, the Contractor shall provide, at minimum, the following information in response to the Work Order, to be approved by the Commission prior to the commencement of any work:

- Work plan and proposed schedule to accomplish the work;
- Assumptions, constraints and key risks that could affect the task completion, and methods to manage the risks;
- CV of the Contractor's consultant(s) nominated to perform the work. All CVs submitted for prior approval must detail the consultant(s) nominated to perform such work. Subsequent change of personnel accepted for duty shall occur only after obtaining prior approval by the Commission;
- Total cost for completion of the Work Order, including:
  o Number of man-days to be allocated to the work;
  o Place of work (on-site / off-site);
  o Travel costs;
  o Commencement date and completion date of work.

8. DELIVERABLES AND ACCEPTANCE CRITERIA

At the end of a particular work under the Work Order, the Contractor shall submit to the Commission the deliverable as stated in the respective Work Order, together with a status report.
8.1. Status report

The status report shall summarise the work performed, the number of Contractor's Personnel man-days used, authorised travel and subsistence costs for on-site work, and other important technical and managerial issues relating to the Contract.

Acceptance criteria

The deliverable and the status report shall be in accordance with the requirements of the Contract and the applicable Work Order, and their acceptance by the Commission shall be subject to the satisfactory completion thereof. The deliverable and the status report shall be the basis for invoicing and payment.

9. REQUIREMENTS OF THE CONTRACTOR AND ITS PERSONNEL

The Contractor shall meet or exceed the following qualifications:

- Proven track record in designing and implementing projects in the relevant technical field(s), preferably in advising large governmental organisations and/or NGOs on information security issues and leading them through establishing an ISMS;
- Proven track record of managing projects of a similar scope and complexity;
- Proven track record of applying Project Management and Quality Assurance (QA) measures / methodology;
- The Contractor shall be sufficiently large and stable in order to guarantee the level of long-term commitment and support to the services foreseen in these Terms of Reference;
- The Contractor shall provide three references for undertaking similar activities with other organisations.

The Contractor's personnel assigned to this Contract shall meet or exceed the following qualifications:

- Experience in information security management using ISO/IEC 27001:2005 best practice procedures;
- Experience in leading the development of an ISMS;
- Demonstrated security expertise with one or more of the following security certifications: CISSP, CISA, ISO/IEC 27001:2005 ISMS Auditor/Lead Auditor, CISM.
More informationISO 27001:2005 & ISO 9001:2008
ISO 27001:2005 & ISO 9001:2008 September 2011 1 Main Topics SFA ISO Certificates ISO 27000 Series used in the organization ISO 27001:2005 - Benefits for the organization ISO 9001:2008 - Benefits for the
More informationThis is a preview - click here to buy the full publication
TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems
More informationGCloud 7 Hybrid Cloud Management Service- Service Description Issue 1
Overview of the Hybrid Cloud Management Ideal recognise that enterprises wishing to leverage hybrid (private and public) cloud infrastructure face a number of key technical and organisational challenges:
More informationProtective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 1.0, Issue Date: 05/02/201405/02/2014. Classification: Open
Protective Monitoring as a Service Version: 1.0, Issue Date: 05/02/201405/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 2014. Other than for the sole purpose of evaluating this
More informationInformation Security Management Systems
Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector
More informationPractitioner Certificate in Information Assurance Architecture (PCiIAA)
Practitioner Certificate in Information Assurance Architecture (PCiIAA) 15 th August, 2015 v2.1 Course Introduction 1.1. Overview A Security Architect (SA) is a senior-level enterprise architect role,
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationETSI TS 119 403 V2.1.1 (2014-11)
TS 119 403 V2.1.1 (2014-11) TECHNICAL SPECIFICATION Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing
More informationINFORMATION TECHNOLOGY MANAGEMENT CONTENTS. CHAPTER C RISKS 357-7 8. Risk Assessment 357-7
Information Technology Management Page 357-1 INFORMATION TECHNOLOGY MANAGEMENT CONTENTS CHAPTER A GENERAL 357-3 1. Introduction 357-3 2. Applicability 357-3 CHAPTER B SUPERVISION AND MANAGEMENT 357-4 3.
More informationLand Registry. Version 4.0 10/09/2009. Certificate Policy
Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2
More informationNATO GUIDANCE ON THE USE OF THE AQAP 2000 SERIES
NATO GUIDANCE ON THE USE OF THE AQAP 2000 SERIES (June 2003) I ORIGINAL Page blank II ORIGINAL NORTH ATLANTIC TREATY ORGANIZATION NATO STANDARDISATION AGENCY (NSA) NATO LETTER OF PROMULGATION June 2003
More informationt +61 2 6100 7714 a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e info@foresightconsulting.com.au foresightconsulting.com.
e info@ Mr. James Kavanagh Chief Security Advisor Microsoft Australia Level 4, 6 National Circuit, Barton, ACT 2600 17 September 2014 Microsoft Azure IRAP Assessment Letter of Compliance Dear Mr. Kavanagh,
More informationNEC s Efforts for Security NEC s Security Solution and Trend of Security Consulting Business
NEC s Efforts for Security NEC s Security Solution and Trend of Security Consulting Business By Masashi SUGIURA* This paper is intended to summarize the security solutions of NEC together with the present
More informationTRANSPORT FOR LONDON (TfL) LOW EMISSIONS CERTIFICATE (LEC) GUIDANCE NOTES FOR THE COMPANY AUDIT PROCESS. LEC (Company Audit) Guidance Notes
TRANSPORT FOR LONDON (TfL) LOW EMISSIONS CERTIFICATE (LEC) GUIDANCE NOTES FOR THE COMPANY AUDIT PROCESS LEC (Company Audit) Guidance Notes Glossary of Terms Transport for London (TfL) London Low Emission
More informationRequest for Proposal For: PCD-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon
Request for Proposal For: PCD-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon Request for Proposal P a g e 2 Table of Contents 1.
More informationLegislative Council Panel on Information Technology and Broadcasting. Information Security
For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest
More informationAn Approach to Records Management Audit
An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION
More informationGeneral Rules for the certification of Management Systems
General Rules for the certification of Management Systems Effective from 19/11/2015 RINA Via Corsica 12 16128 Genova - Italy tel. +39 010 53851 fax +39 010 5351000 website : www.rina.org Technical rules
More informationTerms and Conditions of Use - Connectivity to MAGNET
I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information
More informationCACI Cloud Consulting Services
Index 1. Summary... 3 2. Services provided... 3 2.1. Advisory... 3 2.2. Strategy and Architecture... 4 2.3. Cloud Application Development... 7 2.4. Cloud Service Management... 8 3. Pricing... 10 Page 2
More informationInformation Security Management Systems
Information Security Management Systems Information Security Management Systems Conformity Assessment Scheme ISO/IEC 27001:2005 (JIS Q 27001:2006) ITMangement Center Japan Information Processing Development
More informationCOMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES
COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document
More informationof 28 September 2007 (Status as of 1 April 2010)
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Ordinance on Data Protection Certification (DPCO) 235.13
More informationISMS Implementation Guide
atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-615-7300 Fax: 512-615-7301 www.atsec.com ISMS Implementation Guide atsec information security ISMS Implementation
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security and Challenges
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security and Challenges Agenda Overview of Information Security Management Information
More informationCONSOLIDATED VERSION IEC 62304. Medical device software Software life cycle processes. colour inside. Edition 1.1 2015-06
IEC 62304 CONSOLIDATED VERSION Edition 1.1 2015-06 colour inside Medical device software life cycle processes INTERNATIONAL ELECTROTECHNICAL COMMISSION ICS 11.040 ISBN 978-2-8322-2765-7 Warning! Make sure
More informationJOB DESCRIPTION REF: 50039237
JOB DESCRIPTION REF: 50039237 Note: This job description does not form part of the employee s contract of employment but is provided for guidance. The precise duties and responsibilities of any job may
More informationNeed to protect your information? Take action with BSI s ISO/IEC 27001.
Need to protect your information? Take action with BSI s ISO/IEC 27001. Put sensitive customer and company information in the safe hands of ISO/IEC 27001. You simply can t be too careful when it comes
More information