About ISO-Metrics

ISO-METRICS

The Admin Panel is separate from the main application for security reasons

This tool is task-oriented. For every module, a task is opened, and the required approvals must be obtained to complete the task. It is a workflow-based tool.

It comes pre-populated with ISO controls.

It comes with some pre-populated compliance information. For example, Sample Issues and Interested Parties are pre-populated and can be tweaked to the client’s needs.

Document review and other process reviews are auto-reminded

There are some canned charts, like Issue Aging Graph, Process Maturity, Process Interaction etc.

This can be used as a Tool Kit to get a client ready for certification

It provides a simplified version of HRMS, Asset Management, Change Management, Project Management, Supplier Management etc. – a very cost-effective solution for smaller companies

Overview

Employee Management (Background check, competence, training, disciplinary action)
Asset Management (Including Maintenance and Calibration)
Organization setup (Policy, objectives)
Context of the Organization
Document Management
Change Management
Supplier Management
Compliance



Control Management
Process Management
Incident Management, Corrective Action, Preventive Action, Continuous Improvement
Risk Management interfaced with Statement of Applicability
Internal Audit & Management Review
Project (security consideration and Risk)
Security Objective

ISO 9000

ISO 9000 | Supports
4.1 Understanding the organization and its context | Yes
4.2 Understanding the needs and expectations of interested parties | Yes
4.3 Determining the scope of the quality management system | Yes
4.4 Quality management system and its processes | Yes
5.1.2 Customer focus | Yes
5.2.1 Establishing the quality policy | Yes
5.2.2 Communicating the quality policy | Yes
5.3 Organizational roles, responsibilities and authorities | Yes
6.1 Actions to address risks and opportunities | Yes
6.2 Quality objectives and planning to achieve them | Yes
6.3 Planning of changes | Yes
7.1.2 People | Yes
7.1.3 Infrastructure | Yes
7.1.4 Environment for the operation of processes | Yes
7.1.5 Monitoring and measuring resources | Yes
7.1.6 Organizational knowledge | Yes
7.2 Competence | Yes
7.3 Awareness | Yes
7.4 Communication | Yes
7.5 Documented information | Yes
8.1 Operational planning and control | Yes
8.2 Requirements for products and services | Yes
8.2.4 Changes to requirements for products and services | Yes
8.3 Design and development of products and services | Yes
8.4 Control of externally provided processes, products and services | Yes
8.5 Production and service provision | Yes
8.5.6 Control of changes | Yes
8.6 Release of products and services | Yes
8.7 Control of nonconforming outputs | Yes
9.1 Monitoring, measurement, analysis and evaluation | Yes
9.2 Internal audit | Yes
9.3 Management review | Yes
10.2 Nonconformity and corrective action | Yes
10.3 Continual improvement | Yes

ISO 20000-1

ISO 20000-1 Clause | Supports
4.1 Understanding the organization and its context | Yes
4.2 Understanding the needs and expectations of interested parties | Yes
4.3 Determining the scope of the quality management system | Yes
4.4 Quality management system and its processes | Yes
5.1.2 Customer focus | Yes
5.2.1 Establishing the quality policy | Yes
5.2.2 Communicating the quality policy | Yes
5.3 Organizational roles, responsibilities and authorities | Yes
6.1 Actions to address risks and opportunities | Yes
6.2 Quality objectives and planning to achieve them | Yes
6.3 Planning of changes | Yes
7.1.2 People | Yes
7.1.3 Infrastructure | Yes
7.1.4 Environment for the operation of processes | Yes
7.1.5 Monitoring and measuring resources | Yes
7.1.6 Organizational knowledge | Yes
7.2 Competence | Yes
7.3 Awareness | Yes
7.4 Communication | Yes
7.5 Documented information | Yes
8.1 Operational planning and control | Yes
8.2 Requirements for products and services | Yes
8.2.4 Changes to requirements for products and services | Yes
8.3 Design and development of products and services | Yes
8.4 Control of externally provided processes, products and services | Yes
8.5 Production and service provision | Yes
8.5.6 Control of changes | Yes
8.6 Release of products and services | Yes
8.7 Control of nonconforming outputs | Yes
9.1 Monitoring, measurement, analysis and evaluation | Yes
9.2 Internal audit | Yes
9.3 Management review | Yes
10.2 Nonconformity and corrective action | Yes
10.3 Continual improvement | Yes

Covers All the Clauses

4.0 Context of the Organization: Issues and Interested Parties

5.0 Security Policy, Roles and responsibility, Org Chart

6.0/ 8.0 Risk Management, SoA and Security Objectives

7.0 Resource Management: Job Description, Employee Competence, Skills Management, Training Record, Communication, Calibration, Equipment Maintenance

9.0 Performance evaluation, Internal Audit

10.0 CAR and Improvement.

Covers Most of the Controls

5.3 Change Management | Security of assets off-premises
5.8 Project Management/ Change Management | Storage media
8.19 Installation of software on operational systems | Supporting utilities
8.26 Application security requirements | User end point devices
8.29 Security testing in development and acceptance | Capacity management
8.32 Change management | Protection against malware
Cl. 6.3 Planning of changes | Configuration management
5.9 Asset Management | Installation of software on operational systems
5.11 Return of Asset | Networks security
5.12 Classification | Information security in supplier relationships
5.13 Labeling | Addressing information security within supplier agreements
Managing information security in the information and communication technology (ICT) supply chain




5.22 Monitoring, review and change management of supplier services
5.23 Information security for use of cloud services
5.2 R & R
6.1 Screening
6.2 Terms and conditions of employment
6.3 Information security awareness, education and training
6.4 Disciplinary process
6.5 Responsibilities after termination or change of employment
6.6 Confidentiality or non-disclosure agreements
5.24 Incident Management
5.25 Incident Management
5.26 Incident Management
5.27 Incident Management
5.28 Incident Management
6.8 Information security event reporting

Asset Management

A.5.9: Asset Inventory is maintained

A.8.01: User End Point Devices management

A.5.12: Asset Classification through Asset Type

A.7.1: Storage media is an Asset Type

A.8.06: Capacity Management

A.8.07: AV information

A.8.20: Network device is an Asset Type

A.8.19: Installation of SW is tracked via Change Management



Asset Management contd

This window maintains the asset change history. A change ticket is opened in the Change Management (A.8.32) module to update the laptop from Win10 to Win11, which changed the Configuration (A.8.9) of the asset. This also keeps the record of Asset Return (A.5.11).


Change Management

Change Management tracks Segregation of Duties (A.5.3) based on who creates the ticket and who approves it. Change Management (A.8.32) Module and Project Management (A.5.8). This module also takes care of Planning of Changes (Cl. 6.3).


Project Management

A.5.8: Information security in project management

A.8.29: Security Testing in Development and Acceptance

A.8.26: Application Security Requirement


Supplier Management

5.19: Information security in supplier relationships is addressed by completing a supplier questionnaire

5.21: ICT is considered one of the supplier types

5.23: Cloud services are considered one of the supplier types, for which “Exit Planning” is done.


Supplier Review (A.5.22)

Supplier rating can be captured for a specific period.


Supplier Management

Supplier Risk Assessment can be done.


Employee Management

Onboarding checklist documents

6.1 Background screening

6.2 Terms and Conditions

6.3 Completion of Information security training

6.6: NDA



Employee Management

Offboarding checklist (A.6.5) documents

Asset Return

Badge Return

Access Revoke


Strategic Issues

Clause 4.0 Context of the organization

Strategic Issue

It allows creating, reviewing and approving Issues. It also allows annual review.

Organization Context

It allows creating, reviewing and approving Interested Parties. It also allows annual review, adding Needs & Expectations.

Scope

It is documented in the Organization profile.



Interested Parties

Clause 5.0 Leadership

Job Description

Organization Structure

Scope

Employee management


Statement of Applicability

Creating SOA

Manage your Controls

Maintaining Control Version

Annex A Controls are pre-populated in the system.

SOA Version Management

You can edit the current SOA to come up with the new version. Old versions are maintained.


Control Implementation


Risk Impact

It allows you to define Confidentiality and Availability for each Asset Type, which allows the Risk Impact to be calculated.


Risk Identification

Managing Preventive Action from Risk

Preventive Action

Confidentiality

Availability

Preventive Action Task Tracking


Risk Register

You can print the Risk Register in Excel


Review Risk

Data from previous risk assessment is imported to review the new situation. It allows you to edit the data to come up with the new risk register for the new period


Preventive Action

Preventive action is initiated through risk mitigation

In alignment with new standard

Like Corrective action it is also tracked through completion


Clause 7.0 Support

Employee Management

Training

Communication


Document Management

Documents Access control.

Document changes through proper review-approval process. Provision for External Review/ approvals.

Publish Documents for authorized users.

Keep Source Documents untouched through version control.

Move old Documents to Archive folder.

Obsolete Documents can be retired.

Maintain Document Change History.

Create and manage Document Templates

Assign Document Templates to create new document


Document List

Document Manager will have a list view of all documents & document templates, change (New / Change) requests.

Document manager can publish documents. Can also upload existing documents.


Document Action Assignment

Document Manager can assign create / change document task selecting reviewers and approvers.

Document Manager can track and manage tasks through workflow

Review and approval of documents are documented with time stamp

Version control is maintained


Document Review

Upload existing documents

Document Change

Track document change status & publish

Create & Manage Internal Audit

Ready for Audit

Adding Checklist Questions


Audit Questions (Checklist)

There are preset questions for each clause and each control. You can add more questions.


Performing Audit

Incident Management

Clause 10.0 Improvement

Incident Management

Quick Fix and Corrective Action

Improvement


Incident List View

Manager can view detailed information about an issue

Can tag it with other issues

Can assign Quick Fix analysis and manage tasks

Can create and assign Corrective Action and manage tasks


Corrective Action Analysis

Can do the Root Cause Analysis (RCA) for Corrective Action / Preventive Action using tools like Cause & Effect, 5 Why Analysis etc.


Corrective Action

Issue is defined through 5W & 1H technique

Root cause analysis

5 why analysis

Cause & effect analysis


Improvement

Captures source of improvement

QC Tools for data analysis

Documents Cost Benefit analysis

Provides statistics on benefit due to improvement initiatives


Add New Suggestion for Improvement

Improvement Entered through Suggestion

Manager can view detailed information about a suggestion for Improvement, can assign Cost & Benefit Analysis with Data analysis, and can manage analysis and tasks.


Process Management

Manage your processes, procedures, work instructions and maintain relations


Have a Question?

Contact us

Address:

Protista Technologies Pvt Ltd
Webel IT Park, Tower - I,
4th Floor, Module - 405, BN4, BN Block,
Sector V, Salt Lake City, Kolkata,
West Bengal 700091

Phone:

+91-33-40622067

Email:

info@protistatech.com

Website:

www.protistatech.com