Conduct a detailed study of the scope of developing an information security management system according to the ISO/IEC 27001:2013 standard to define a project plan (Project Plan) for implementing an information security management system. And requesting a certificate

Provide advice and advice on the establishment of the Information Security Management Committee (ISMS Committee) and the Information Security Management Working Group (ISMS Operation Team), and the auditors of the information security management system. Internal (Internal ISMS Auditor) and consulting on determining the committees' and working groups' duties and qualifications.

Consulting on organizational context preparation It covers the following essential things:

​

3.1. Organizational context, organizational environment, organizational structure regulations

3.2 Scope and objectives of the information security management system

3.3 Roles and structure of information security management

Consulting on the preparation of information security management policy documents (Information Security Management Service Policy)

Consulting in the preparation of information security policy documents (Information Security Policy)

Consulting on the preparation of documents on information security risk management processes

Consultation on risk assessment according to the developed process. Summary of information security risk assessment results

Consulting in formulating risk management guidelines by ISO/IEC 27001:2013 standards and preparing an Information Security Risk Treatment Plan by the policy and management objectives. Information Security Management

Consultation in preparing a document summarizing the information security measures (Statement Of Applicability: SOA) selected in the ISMS system according to the specified scope.

Consulting on the preparation of documents measuring the effectiveness of the information security management system (Effectiveness Measurement) to monitor and report the efficacy of the results resulting from the established effectiveness measurement criteria.

Consultation on preparing documents, procedures, or other documents that ISO/IEC 27001:2013 standards must carry out.

Consulting on the preparation of documents for internal audit procedures in the Information Security Management System internal audit plan and any other documents that must be carried out by ISO/IEC 27001:2013

Conduct an internal audit of the information security management system by acting as a guide and consulting in the audit. This ensures that the independent audit is by the standards.

Consulting in planning to improve and correct deficiencies from internal audits in the information security management system

Consulting on preparing information for management meetings to consider reviewing the development practices and operating the ISMS (Management Review of the ISMS).

Consulting on the preparation of documents for applying for ISO/IEC 27001:2013 international standard certification

Consultation in selecting auditors certified for ISO/IEC 27001:2013 (Certification Body) that are reputable and internationally recognized.

Provide advice on preparing documents and personnel related to the information security management system of the agency. For the ISO/IEC 27001:2013 certification audit, including advice during the ISO/IEC 27001:2013 certification audit.