INFORMATION SECURITY MANAGEMENT

SYSTEM MANUAL

Works
501, 5 th Floor, Tower-A, Spaze I-Tech Park, Sohna
Road, Sector-49, Gurgaon-122018(Haryana), India

Contact Details
Phone No. :0124-4201824
Email: anjul.pratyush@thinktalentindia.com,
anjul.pratyush@thinktalentindia.com,
Mobile No.: 8800636890
Website: www.thinktalent.co

SCOPE: Digital Platform and services for Talent Management

Exclusion: 10.1.1, 10.1.2, 14.2.7 & 18.1.5 of SOA(Version1.1)

ISMS MANUAL (TTS ISMS 02) 1

 Author Reviewer Version Last updated Comments
(DD/MM/YYYY)

(Director) (MR) TTS/ISMS/ 12-09-2018 Initial Issue

Clause 0.0 01

(Director) (MR) TTS/ISMS/ 31-01-2019 Update with Stage-1 audit’s NC, and
Clause 0.0 02 correct the formatting

ISMS MANUAL (TTS ISMS 02) 2

 Table of Contents
1. Issue Control ................................................................................................................................... 5
1.1 Issue ........................................................................................................................................ 5
1.2 Distribution ............................................................................................................................. 5
2. Change History ................................................................................................................................ 5
3. Introduction .................................................................................................................................... 6
3.1 Purpose ................................................................................................................................... 6
3.2 Scope ....................................................................................................................................... 6
3.3 Brief History of the organization ............................................................................................. 6
4. Context of the Organization............................................................................................................ 7
4.1 Understanding the Organization and its context:................................................................... 7
4.2 Understanding the needs and expectations of Interested parties ......................................... 7
4.3 Determining the scope of the Information Security Management System ............................ 7
4.4 Information Security Management System and its processes. .............................................. 7
5. Leadership ....................................................................................................................................... 8
5.1 Leadership and Commitment ................................................................................................. 8
5.2 Policy ....................................................................................................................................... 8
5.3 Organizational Responsibility, Authority ................................................................................ 9
6. Planning........................................................................................................................................... 9
6.1 Actions to address risk and opportunities .............................................................................. 9
a. General.................................................................................................................................... 9
b. Information Security Risk assessment .................................................................................. 10
c. Information Security Risk Treatment .................................................................................... 10
6.2 Information Security Objectives and planning to achieve them .......................................... 10
7. Support.......................................................................................................................................... 10
7.2 Competence .......................................................................................................................... 11
7.3 Awareness ............................................................................................................................. 11
7.4 Communication ..................................................................................................................... 11
7.5 Documented Information ..................................................................................................... 11
a. General.................................................................................................................................. 11
b. Creating and Updating .......................................................................................................... 12
c. Control of the Documented Information .............................................................................. 12
8. Operation ...................................................................................................................................... 14

ISMS MANUAL (TTS ISMS 02) 3

 8.1 Operation Planning and control:........................................................................................... 14
8.2 Information Security Risk Assessment .................................................................................. 15
8.3 Information Security Risk treatment .................................................................................... 15
9. PERFORMANCE EVALUATION ....................................................................................................... 15
9.1 Monitoring, Measurement, analysis and evaluation ............................................................ 15
9.2 Internal Audit ........................................................................................................................ 15
9.3 Management Review ............................................................................................................ 16
a. General.................................................................................................................................. 16
b. Review Input ......................................................................................................................... 16
c. Review Output ...................................................................................................................... 16
10. IMPROVEMENT ......................................................................................................................... 17
10.1 Non-Conformity and Corrective action ................................................................................. 17
10.2 Continual Improvement ........................................................................................................ 17

ISMS MANUAL (TTS ISMS 02) 4

Approved by Revision No. 0 Clause Page No
(MR) Date: 0.0 2 of 2

1. Issue Control
1.1Issue
This Information Security Management System Manual has been prepared in accordance
with ISO 27001: 2013 standards. It outlines the Information security Management system
requirements, which the company has adopted to meet the requirements of the
standards and company business objectives.
The Management shall issue the Manual. It shall be controlled as per the Clause 7.5.3 of
this Manual. All authorized holders as per distribution list shall be responsible for
implementation of the Information Security Management System in their respective area.
Individuals in possession of the controlled copies shall receive revision or amendments as
and when issued.
Information Security Management System manual may be issued outside the
Organization (if required) It shall however not be controlled, shall not have copy no. and
shall be stamped 'Uncontrolled'. No distribution record shall be maintained.
During the internal audit the concerned clauses shall be reviewed to ensure compliances
to the current business practices and effectiveness of the defined processes.

1.2 Distribution
This Manual shall be distributed as per the following distribution list:
Copy No Holder
1 Managing Director
2 Chief Operating Officer (COO), Director
3 Principal Architect (MR)
4 Consultant Operations
5 Certification Body
Note Management representative copy shall be treated as the Master Copy.

Approved by Revision No. 0 Clause Page No

(MR) Date: 1.0 1 of 1

2. Change History

ISMS MANUAL (TTS ISMS 02) 5

 Author Reviewer Version Last updated Comments
(DD/MM/YYYY)

(Director) (MR) TTS/ISMS/ 12-09-2018 Initial Issue

Clause 0.0 01

3. Introduction
3.1 Purpose
The purpose of this INFORMATION SECURITY MANAGEMENT SYSTEM MANUAL is to
describe the information security system adopted by the organization. It has been
prepared to outline how the organization conducts its own affairs with respect to the
business objectives achievement. It is also intended to serve as a document for the
organization’s own staff and workforce for the understanding the organization’s policy
and procedures.

3.2 Scope
The INFORMATION SECURITY MANAGEMENT SYSTEM MANUAL describes the way in
which the system operated by the organization satisfied the requirement of ISO
27001:2013. The system is applicable to M/S TAHINK TALENT SERVICES PVT. LTD. for the
scope of Digital Platforms and services for Talent Management. The INFORMATION
SECURITY MANAGEMENT SYSTEM MANUAL shall contain the Mandatory Procedures. All
applicable formats shall be referred at the appropriate locations of this manual. The Work
Instructions and the formats shall be available in the different files.

3.3 Brief History of the organization

We are a Talent Solutions company, founded in 2010 by HR Practitioners of repute. The
team of over 50 people has deep expertise in designing and implementing solutions
covering the spectrum of Talent Management. Our associate network of over 75
specialists in various domains and industries adds further strength to our implementation
capability and capacity.
We are a Talent Solutions company supporting organizations in areas of assessment, on
boarding, engagement, performance management and people development.
We have worked with over 200 clients across 10 countries across a range of industries.
Our approach is practical, implementation focused and our solutions are co-created with
our clients. Our cutting-edge solutions are a combination of deep content expertise and
context appreciation, robust technology platforms and pragmatic consulting skills.

ISMS MANUAL (TTS ISMS 02) 6

 Our tagline speaks of our purpose.
"Enabling endurance, robustness, sustainability for client organizations."

Approved by Revision No. 0 Clause Page No

(MR) Date: 3.0 1 of 1

4. Context of the Organization

4.1 Understanding the Organization and its context:
The organization shall determine and maintain the internal and external issues pertaining
to the Digital Platforms and services for Talent Management, customer related, external
providers and legal issues. The same shall be identified in the organization as (1) Platforms
and services for Talent Management will be identified and considered for the risk
assessment (2) and marketing, supplier, legal issues, man and money will be recorded in
the register and CAPA shall be generated.

4.2 Understanding the needs and expectations of Interested parties

The organization shall determine and maintain the interested parties that are relevant to
the Information Security Management System and the requirements of these interested
parties that are relevant to the Information Security Management System.
The details of the Interested parties (Internal and external) are maintained as DOC. 4.1,
version 1.0 dated 15.11.2018

4.3 Determining the scope of the Information Security Management

System
The scope for the information Security management system as applicable to M/s Think
Talent Services Pvt. Ltd. is as given one the cover page of the manual.

4.4 Information Security Management System and its processes.

The risk assessment shall be done / reviewed on regular basis (at least once per year) or
as felt necessary by the management.
The action required to mitigate the risk identified are recorded and maintained.
Other methods which are used to find out the gaps are the internal and external audits
and management review meeting etc.
Reference
List of Interested Parties: DOC 4.1
ISMS Policies: DOC 5.1

Approved by Revision No. 0 Clause Page No

(MR) Date: 4.0 1 of 1

ISMS MANUAL (TTS ISMS 02) 7

5. Leadership
5.1 Leadership and Commitment
The management shall demonstrate leadership and commitment with respect to the
Information SECURITY Management System by:

• Taking accountability for the effectiveness of Information Security Management

System
• Ensuring that the information Security policy and information Security objectives are
established for Information security management and compatible with the context and
strategic direction of the organization.
• The Information Security Management System and the business activities are
integrated.
• Process and risk base thinking are used.
• Ensuring the availability of the resources
• Effective communication of requirement of Information Security Management
• The process objectives are achieved
• Engaging, directing and supporting persons to contribute to the effectiveness of the
ISMS and promoting improvement.
5.2 Policy
The Information security policy of the organization is:
The Board and management of m/s Think Talent Services Pvt. Ltd. located at 501, 5th
floor, Tower-A, Spaze I-Tech park, Sohna Road, Sector- 49, Gurgaon-122018 (Haryana),
India.
ISMS Policy Statement
Think Talent Services Pvt. Ltd. is committed towards securing the Confidentiality, Integrity
and Availability of information for the day-to-day Business and operations. The security
of information and other assets is therefore regarded as fundamental for the successful
business operation of Think Talent Services Pvt. Ltd.
Think Talent Services Pvt. Ltd. has adopted an Information Security Management System
(ISMS) comprising of the Information Security Policies, Procedures and Processes to
effectively protect data/information of the organization and its customers from
information security threats, whether internal or external, deliberate or accidental.
The management of Think Talent Services Pvt. Ltd. is committed to ensure that:

• Regulatory and legislative requirements related to operation are met

• The confidentiality of information is protected and prevent disclosure of valuable or
sensitive information
• The integrity of information is maintained to ensure its accuracy and completeness
• The availability of information is maintained to meet business needs and client’s
requirements
• Business continuity plans are developed, maintained and tested

ISMS MANUAL (TTS ISMS 02) 8

 • Information security awareness is provided to all employees of Think Talent Services
Pvt. Ltd.
• Emergency Incident management process and employee hand book have been
established and implemented to ensure that all breaches of information security,
actual or suspected are reported and investigated
• Risks are mitigated to an acceptable level through a risk assessment and investigation
procedure.
• The information security management system is continually improved
• Appropriate resources are allocated in order to implement, operate and review an
effective Information Security Management System adopted for the activities for
Talent Management Services.
The management acknowledges the need of continual improvement and has introduced
various methods to ensure that effectiveness and continual improvement of the
processes are achieved.
Think Talent Services Pvt. Ltd. Shall follow a formal disciplinary process (employee hand
book) for employees who have allegedly violated the information security policies and
procedures.
The organization shall ensure that the review of the Information Security Policy and
related documents is performed at least once in a year during management review
meeting or when significant changes occur to ensure suitability, adequacy, and
effectiveness of the ISMS framework
Signed by: Director Date: 31.01.2019

The objectives shall be made available in the form of Measurement analysis chart.

5.3 Organizational Responsibility, Authority

The organization structure of Think Talent Services Pvt. Ltd. is shown in this MANUAL. This
structure simply shows functional relationships and responsibilities. This does not imply
relative seniority or importance of the position:
The responsibility of each individual shall be given to him separately to understand his
duties and the same are detailed in the individual personal files available with the personal
department: -

Approved by Revision No. 0 Clause Page No

(MR) Date: 5.0 1 of 1

6. Planning
6.1 Actions to address risk and opportunities
a. General
When planning the Information Security Management System, the organization shall
consider the issues and requirements and determine the risk and opportunities that
need to be addressed to:

ISMS MANUAL (TTS ISMS 02) 9

 • Giving assurance that the Information Security Management System can achieve its
intended use.
• Enhance desirable effects.
• Prevent or reduce, undesirable effects.
• Achieve improvement
b. Information Security Risk assessment
The organization has defined and applied an information security risk assessment
procedure ref. no. DOC 17.1.1. The procedures explain the followings:
• The risk acceptance criteria.
• Criteria for performing information security risk assessment
• Criteria for categorization the Risk and opportunities.
The procedure defines the information security risk assessment process to identify risk
associated with the loss of confidentiality, integrity, and availability for information
within the scope of the ISMS and Identify the risk owner
The procedures have details of analysis of the information security risk and evaluation
of the information security risk.
The organization shall plan to address these risk and opportunities.
The details for the Risk assessment are done as per the Risk Management procedure
ref. No.DOC 17.1.1 version 01 and the record is maintained for the various areas.

c. Information Security Risk Treatment

On the basis of the outcome of the risk assessment done for the concerned areas are
maintained in the form of Risk treatment procedure and records.

6.2 Information Security Objectives and planning to achieve them

The objectives identified shall be made available in the form of “Measurement Analysis
chart “The same shall be reviewed time to time and new targets will be identified as and
when the same is required.

Reference
Procedure for risk assessment : DOC 17.1.1
List of internal & external issues : DOC. 4.1
Responsibility and authorities (KRA) : DOC. 7.2.1
Record of Risk and opportunities : DOC. 17.1.1F01
ISMS objectives : DOC. 5.3
Organization structure : DOC. 6.1
Approved by Revision No. 0 Clause Page No
(MR) Date: 5.0 1 of 1

7. Support
7.1Resources

ISMS MANUAL (TTS ISMS 02) 10

 The organization has determined and provided resources that are needed for
establishment, implementation, maintenance and continual improvement of Information
Security Management System.

7.2 Competence
The organization has a defined criterion for the competence level required for the various
positions. The same is available in the employee hand book of the organization.
While appointing the new person for a particular post, the same is compared in terms of
Education, training or experience.
If the enhancement of the competence is required and it is provided through training etc.
the effectiveness of the training imparted assessed and record maintained.

7.3 Awareness
It is ensured that the people working in any area are aware of the followings:
• The information security policy
• Responsibility to fulfil the requirements including benefits for the improvement in the
information security management systems.
• The implication of not conforming with the information security management systems.
7.4 Communication
The organization shall determine the need for internal and external communication
relevant to the information security management systems including:
• On what to communicate
• When to communicate
• With whom to communicate
• Who shall communicate?
• The processes by which the communication will be effective
• For details the communication matrix ref. no. DOC.6.1.1 version 1.0 may be referred.
7.5 Documented Information
a. General
The organization has developed and documented its information security management
system to ensure that products conform to the specified requirements. The information
security management system covers the organizational structure, responsibilities,
procedures, processes and resources for implementing effective Information Security
Management System.
The information security management system documented in this MANUAL, describes the
policies and procedures in the various areas of the organization describing different
function that ensure compliance to the requirements of ISO 27001: 2013 standard.

Reference
List of machines for preventive maintenance : DOC.11.2.4
: F01
Preventive maintenance Record : DOC.11.2.4 F02

ISMS MANUAL (TTS ISMS 02) 11

 Break down record : DOC. 11.2.4 F03
Approved by Revision No. 0 Clause Page No
(MR) Date: 7.0 1 of 3
The reference of Procedure, Work Instruction, records and specifications shall be made
available at appropriate section of this Manual. The detailed Organization Structure is
given in DOC. 6.1 of this Manual. The detailed interaction between the processes of the
Information Security Management System has been given in this Manual.

b. Creating and Updating

INFORMATION SECURITY MANAGEMENT SYSTEM MANUAL (TTS/ISMS/01)
This document defines the policy and objectives of the organization addressing the
requirements of ISO 27001:2013 it refers to the other levels of information security
management system documentation at appropriate place. Each section of the manual
describes a particular aspect of the ISMS and related procedures. SOA does not have the
details of sections as detailed on the cover page of the manual, the justification of the
exclusion is provided in the respective section of the statement of applicability.
This information security management system manual shall be numbered as
TTS/ISMS/XX, Where-
TTS: M/S TALENT THINK SERVICES PVT. LTD.
ISMS: Information security management system manual
XX: Issue Status of the Manual
Procedures: The procedures required by this international standard are prepared as per
the procedure for the documentation control and generation procedure.

c. Control of the Documented Information

Document Control procedures shall apply in the documents described in section 7.5.2 of
the Information security management system manual and associated formats, checklists,
guidelines etc. It shall also be applicable to various external standards, specifications that
are used in the organization.
All documents shall be prepared, reviewed and approved for adequacy by M.R. prior to
issue to all concerned and subsequently controlled. Changes to controlled documents
shall be reviewed approved and documents updated as per this manual.
INFORMATION SECURITY MANAGEMENT SYSTEM MANUAL shall be available to all
personnel as per distribution list.
Status of documents issued shall be recorded in the master document list under the
control of
the Management Representative. For the modification and updating of any document,
the procedure for Document and data control shall be followed.
The old version of all masters shall be stamped as obsolete document and kept in the
Obsolete Document Record File.

ISMS MANUAL (TTS ISMS 02) 12

 Distribution of all documents shall be done as the original distribution and record of the
same shall be maintained in the Master Document itself.
All stamps e.g. Controlled document, Master document, uncontrolled documents,
obsolete document and Document History stamps shall be maintained and controlled by
the M.R.
Putting the document history stamps on the front of the document shall control all
external origin documents. The same shall be taken in the master list. Master list showing
the distribution and issue status shall be maintained and separate file for the External
Origin documents shall be maintained.

Approved by Revision No. 0 Clause Page No

(MR) Date: 7.0 2 of 3
The re approval of the modified document shall be done by the same authority who has
approved the document originally.
The soft copies of the information security management system documents will be shared
through a shared drive. the specific user shall be given the access control for read and write
as applicable.
The distribution list of the document shows the document available with the various
departments.
All new documents and modified documents shall be distributed to the concerned holders as
per distribution list. Authorized holders of the documents, used and referred in the quality
system shall be responsible to maintain updated versions of these documents.
All documents shall be approved by the M.R. Document shall be stamped as controlled on the
front page of document using blue ink. The master shall be stamped as master document on
the reverse side of the document by red ink.
Effective date of all documents shall be the date of issue; the date of revision shall be put only
when the documents are amended. The rev. no. of the amended document shall be increased
by one for every amendment, the Edition no. and date of issue shall remain the same unless
the complete document is re-issued.
This will be ensured that documents are legible and readily identifiable.
The amended portion in the document shall be identified by highlighting / underlining. This
will be ensured that the relevant version of the documents is available at the place of use. If
any Obsolete Document needed to retain in the work place, the same shall be identified by
putting the stamp “OBSOLETE DOCUMENT – RETAINED” on the front side of the Document
using Blue Ink. The stamp control on the soft copy of the document shall not be applicable.
For further details the procedure for CONTROL OF DOCUMENTS (DOC 18.1.2) may be
referred.

Reference
Mater list of documents : DOC. 18.1.2 F01

ISMS MANUAL (TTS ISMS 02) 13

 Procedure for control of documents : DOC. 18.1.2
Procedure for control of records : DOC. 18.1.3
List of employees : DOC.7.2.1 F01
Attendance sheet : DOC. 7.2.1 F04
Training records : DOC.7.2.1 F03
Training calendar : DOC.7.2.1 F02
Communication Matrix : DOC.6.1.1
Competence Matrix : DOC. 7.2.1 F05
Approved by Revision No. 0 Clause Page No
(MR) Date: 7.0 2 of 3

8. Operation
8.1 Operation Planning and control:
The planning of the processes to meet the requirement of the customer is achieved
through the various procedures and the statement of applicability.
These documents describe: -
• Sequence of operations and sub operations required to realize the services.
• The control on the processes and the activity as applicable.
• The description of the non-applicability of the control points.
• The business activity starts with the generation of leads through:
▪ Sales team (b) Management
▪ If the requirements are received through the sales team, the customer
interaction is done with the solution team for gathering the information from
the client through requirement gathering form.
▪ If the information received through the management the above activity (b) is
done by the management itself and the complete information are gathered
and handed over to the solution team.
▪ The solution team decides that what solutions and services are best suited to
the customer and the same is send to the customer for approval.
▪ The approval note is sent to the client including payment and payment terms
▪ The negotiation takes place between the client and the sales team and the
approval takes place
▪ The creation of solution takes place with the help of tech team.
▪ Once the creation is completed, the testing is done internally and handed over
to the client for user acceptance testing (UAT)
▪ The project is then deployed with the help of operation team as per the terms
and conditions stated in the agreement.
▪ The service supports are provided as per the need of the customer.

ISMS MANUAL (TTS ISMS 02) 14

 8.2 Information Security Risk Assessment
The risk assessment is done / reviewed at least once a year to assess the risk level in the
Information security management system applicable for the scope of services.
The record of the risk assessment of the various areas are maintained in the form of Risk
assessment record.

8.3Information Security Risk treatment

The risk treatment is done as per the procedure ref. No. DOC 17.1.1 version 1.0
The record of this effect shall be maintained.

9. PERFORMANCE EVALUATION
9.1Monitoring, Measurement, analysis and evaluation
The measurement and monitoring activities needed to assure conformity in the
operations performed in the organization have been defined.
The Process improvement is an ongoing activity and may sometimes need additional
measurement and monitoring activities. The measurements are also planned and
implemented while executing these improvements.
In order to obtain the scope of improvement and hence the continuous improvement,
problem solving tools shall be used.

9.2Internal Audit
• Internal audits shall be carried out to monitor continuous effectiveness of the quality
assurance system.
• Internal audits shall be coordinated by the M.R.
• The minimum frequency for audits shall be once per year. It will be ensured that all
the dept. is covered during each audit.
• The trained and qualified internal auditors shall carry out the audits. During the
planning of the audit, it will be ensured that the auditor should not have direct
responsibilities for the departments being audited.
• Prior to carrying out audits, audit plan and audit schedule shall be drawn by M.R.
• The auditor shall record the findings in the checklist for the internal audit available in
the procedure for the Internal Audits. The concerned auditor along with the
management representative shall prepare the System Nonconformance report. The
audit report shall be countersigned by the auditee.
• Respective Dept. in charge shall spell out corrective action and time frame for
correcting the non-conformance.
• Audit closing shall be carried out by concerned auditor/MR to verify effective
implementation of corrective action. The MR shall not verify the area for which he is
directly responsible.
• M.R. shall maintain and analyses audit records.
• External resources (Consultants) shall be the auditor for the training, internal audits
and M.R. function till internal auditors are fully trained.

ISMS MANUAL (TTS ISMS 02) 15

 • The result of Internal Audit shall be reported in the MRM for discussion. This shall
form an integral part of the MRM.
• For further details, the procedure for Internal Quality Audits may be referred
(DOC.18.2.2)
Reference
Audit schedule : DOC.18.2.2F05
Audit Plan : DOC.18.2.2 F01
Observation sheet : DOC.18.2.2F04
Audit corrective action request : DOC.18.2.2F02
NC Monitoring Chart : DOC.18.2.2F03
Procedure for Internal audits : DOC. 18.2.2

Approved by Revision No. 0 Clause Page No

(MR) Date: 9.0 1 of 2

9.3Management Review
a. General
The Management Review Meeting shall be conducted at least once in 12 months. The M.R
shall record minutes of the Management Review. The purpose of conducting the MRM to
review the status of implemented Information Security Management System,
identification of resource requirement & to meet the requirement of ISO 27001: 2013.

b. Review Input
The input to management review shall include information on
• Follow-up actions from previous management reviews.
• Changes in internal and external issues that is relevant to the Information Security
Management System.
• Information on the performance and effectiveness of the Information Security
Management System including trends in
• Result of audits.
• Customer satisfaction and feedback from relevant interested parties.
• Fulfilment of information security Objectives
• The effectiveness of action taken to address risks and opportunity
• Opportunities for continual improvement.
• Any other points raised by members.
c. Review Output
The output from the management review shall include any decisions and actions related
to
• Opportunities for improvement
• Any need for changes to the Information Security Management System.
▪ The agenda shall be prepared and circulated in advance by the MR.

ISMS MANUAL (TTS ISMS 02) 16

 ▪ The minutes of the meeting shall be recorded and circulated to all the concerned
members of the Management Review Meeting in the Format DOC.18.2.1 F01
▪ The minutes of the meeting shall include action plan for corrective measures,
responsibility and target date for completion.
▪ Implementation of the corrective measures shall be monitored by the MR.

10.IMPROVEMENT
10.1 Non-Conformity and Corrective action
When a non-conformity occurs including any arising from complaints, the organization
shall
• Take action to control and correct it
• Deal with the consequences

Evaluate the need for action to eliminate the causes of the non-conformity in order that
it does not recur or occur elsewhere by:
• Reviewing and analyzing the non-conformity
• Determine the causes of non-conformities
• Determine if similar non-conformities exist or could potentially occur;
And Implement any action needed, review the effectiveness of any corrective action
taken, update risk and opportunities determined during planning, make necessary
changes in the Information Security Management System. The record of this effect shall
be maintained in the form of CAPA.

10.2 Continual Improvement

The projects for the continual improvement shall be taken and reviewed at defined
intervals.

Approved by Revision No. 0 Clause Page No

(MR) Date: 10.0 1 of 1

ISMS MANUAL (TTS ISMS 02) 17