Scribd Logo
Upload

Welcome to Scribd!

  • List of Trackers

    Uploaded by

    VKNRIS
    42 views10 pages
    This document contains a list of 84 activities related to information security and ISMS. For each activity, it identifies the department responsible and the person who needs to update the activity details. It covers risk management, access controls, compliance, training records, agreements, asset management, and more. The document assigns responsibilities for updating these activities to various individuals across different departments including Finance, HR, IT, Sales & Marketing, and Operations.

    Original Description:

    Original Title

    List of Trackers.xlsx

    Copyright

    © © All Rights Reserved

    Available Formats

    XLSX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains a list of 84 activities related to information security and ISMS. For each activity, it identifies the department responsible and the person who needs to update the activity details. It covers risk management, access controls, compliance, training records, agreements, asset management, and more. The document assigns responsibilities for updating these activities to various individuals across different departments including Finance, HR, IT, Sales & Marketing, and Operations.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as xlsx, pdf, or txt
    42 views10 pages

    List of Trackers

    Uploaded by

    VKNRIS
    This document contains a list of 84 activities related to information security and ISMS. For each activity, it identifies the department responsible and the person who needs to update the activity details. It covers risk management, access controls, compliance, training records, agreements, asset management, and more. The document assigns responsibilities for updating these activities to various individuals across different departments including Finance, HR, IT, Sales & Marketing, and Operations.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as xlsx, pdf, or txt
    of 10

    S.

    No Activity Details To be updated by


    79 Updated Risk Register Vikash
    80 Risk Treatment planning & completion status Vikash
    81 ISMS Objectives Vikash
    82 Access Control Metric Vikash
    11 ISMS Objectives Saurabh K
    12 Access Control Metric (ACM) for Sahrepoint Saurabh K
    13 BGV Records / Tracker Saurabh K
    Employee Tracker with BGV details(Greyt HR with Exit and
    14 Current, Resigned Emp details) Saurabh K
    15 Training Attendnace Records Saurabh K
    16 Training Schedules Saurabh K
    17 NDA Documents signed from employees Saurabh K
    any communication mails towards ISMS, from HR Dept. like
    18 ISMS Awareness training Saurabh K
    19 Clearance checklist Saurabh K
    Other Exit Documents like Non competence letters / Agreement
    20 letters. Saurabh K
    21 Compliance Tracker related to HR Saurabh K
    22 Information Asset Management Tracker (For HR Dept. Only) Saurabh K
    65 Risk Treatment planning & completion status Saurabh K
    10 Risk Register Rohit Verma
    4 Access Control Metric (Infra) Rajan
    6 Incident Record Rajan
    8 Asset Management Tracker (Laptops) Rajan
    9 Continual Imporvement Tracker Rajan
    51 Updated Risk Register along with High/Med VA&PT findings Rajan
    52 Risk Treatment planning & completion status Rajan
    53 BCM & BIA Records for Testing Rajan
    54 Contact with Special Interest Groups Rajan
    55 ISMS Objectives Rajan
    56 Access Control Metric for both IT dept. and Org Level Rajan
    Information Security Incident Records (if tracked for separately
    57 for IT) Rajan
    58 Change management Tracker (if tracked for separately for IT) Rajan
    Asset Register (IT Hardware and Software infra including Cloud
    59 infrastructure) Rajan
    60 Infrastructure Patch update Status Rajan
    61 Antivirus Software management console and Update status Rajan
    62 Agreement with AWS Rajan
    63 Adharance to Password Management Rajan
    64 Clock Synchronization, Screen Lockout Rajan
    69 Screen Lockout Rajan
    70 Backup and Resote Records Rajan
    3 Risk Register Pravin
    2 Risk Register Saurabh T
    5 Access Control Metric (Application) Saurabh T
    7 Incident Record Saurabh T
    1 Risk Register Saurabh K
    32 REGUS Building agreement copies Saurabh K
    33 Agreement with REGUS regarding Utility services offered Saurabh K
    Inforamtion Asset Register for Non IT (including Asset Owner and
    34 Asset Custodian) Saurabh K
    A walk through of the office premises showing the required
    35 security controls (Virtual Live / Recorded) Saurabh K
    Fire extinguishers and Sprinklers list along with Maintenance
    36 Expiry details Saurabh K
    37 Printer & Shredder Saurabh K
    CCTV cameras and access to Recordings with Recordings
    38 retention for how many days / months ? Saurabh K
    39 Access controlled entries to Reception and Working areas Saurabh K
    Floor map with Fire Exit/Fire Extingushers/Spriklers/Assembly
    40 point mnetioned Saurabh K
    41 Emergency exit Saurabh K
    Fire Drill reprot along with NOC from Fire and Safety department
    42 for Building Saurabh K
    Insulation of cables (No cables are exposed both Network /
    43 Electrical) Saurabh K
    44 Desk and system screens Saurabh K

    45 Power backup (UPS and DG details with power Backup details) Saurabh K
    46 Compliance Tracker Saurabh K
    47 Access Control Metric (for Building door access) Saurabh K
    48 BGV records for House Keeping and Maintenance team Saurabh K
    49 Material IN/OUT register Saurabh K
    Visitor Entry Records Book with what type of visitor informations
    50 are captured in the register Saurabh K
    66 Risk Treatment planning & completion status Saurabh K
    68 ISMS Objectives Saurabh K
    23 ISMS Objectives Saurabh K
    24 Access Control Metric (ACM) Saurabh K
    25 BCM & BIA Records (Vendors and suppliers list) Saurabh K
    26 NDA / Agreements signed with Vednors / Suppliers Saurabh K
    27 Vendor Assessment Saurabh K
    28 MSA Tracker Saurabh K
    29 Risk Register Saurabh K
    Information Asset Management Tracker (Related to
    30 Procurement) Saurabh K
    31 Vendor List Vikash
    67 Risk Treatment planning & completion status Vikash
    83 Applicable Compliance docuemnts and tracker Vikash
    71 Updated Risk Register – Add any new risks are identified Arshi
    72 Risk Treatment planning & completion status Arshi
    73 BCM & BIA Records if identified for PE dept. Arshi
    74 ISMS Objectives – defined ISMS objectives for your department Arshi
    Access Control Metric – define and track Access Control for PE
    75 dept Arshi
    Incident Record (if tracked for separately for PE dept.)
    76 Communicate all incident to IRT team Arshi
    Change Management Tracker (if tracked for separately for
    Consulting) – All changes are discussed in CAB / CCB and changes
    77 are implemented Arshi
    78 If Agreement Copies Signed with Customers Arshi
    79 Updated Risk Register Vikash / Pravin
    80 Risk Treatment planning & completion status Vikash / Pravin
    81 ISMS Objectives Pravin
    82 Access Control Metric Pravin
    21 Compliance Tracker Vikash & Saurabh K
    31 Vendor List Vikash & Saurabh K
    26 NDA / Agreements signed with Vednors / Suppliers Vikash & Saurabh K
    Department Status
    Finance To be updated
    Finance To be updated
    Finance To be updated
    Finance To be updated
    HR To be updated
    HR To be updated
    HR To be updated

    HR To be updated
    HR To be updated
    HR To be updated
    HR To be updated

    HR To be updated
    HR To be updated

    HR To be updated
    HR To be updated
    HR To be updated
    HR
    ISMS To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated

    IT &DBA To be updated
    IT &DBA To be updated

    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    IT &DBA To be updated
    Sales & Marketing To be updated
    Managed Services To be updated
    Managed Services To be updated
    Managed Services To be updated
    Operations To be updated
    Operations To be updated
    Operations To be updated

    Operations To be updated

    Operations To be updated

    Operations To be updated
    Operations To be updated

    Operations To be updated
    Operations To be updated

    Operations To be updated
    Operations To be updated

    Operations To be updated

    Operations To be updated
    Operations To be updated

    Operations To be updated
    Operations To be updated
    Operations To be updated
    Operations To be updated
    Operations To be updated

    Operations To be updated
    Operations To be updated
    Operations To be updated
    Procurement To be updated
    Procurement To be updated
    Procurement To be updated
    Procurement To be updated
    Procurement To be updated
    Procurement To be updated
    Procurement To be updated

    Procurement To be updated
    Procurement To be updated
    Procurement To be updated
    Procurement To be updated
    Product Engineering To be updated
    Product Engineering To be updated
    Product Engineering To be updated
    Product Engineering To be updated

    Product Engineering To be updated

    Product Engineering To be updated

    Product Engineering To be updated


    Product Engineering To be updated
    legal To be updated
    legal To be updated
    legal To be updated
    legal To be updated
    Legal To be updated
    Finance To be updated
    Legal To be updated
    Control Category Activity Details
    organization and its context setting including needs and
    IMS Context setting expectation of stakeholders

    Risk Assessment and


    Treatment Planning
    (RARTP) Identify new risks (Iformation Security & Privacy Risks)
    Work on planned Risk Treatments & update risk register
    completion status
    Identify new IMS objectives (KPI's) Org. Level
    Identify new IMS objectives (KPI's) Department Level
    Update statement of applicability (SOA) status Yes/No
    Statement of with justification for inclusion / exclusion along with
    Applicability (SOA) version update

    IMS Competence
    Matrix Update IMS competency matirx
    IMS awareness
    session Conduct IMS awareness session - org. wide
    Conduct IMS awareness session - new joiners at
    Induction program
    Post IMS awareness training, conduct assessment

    IMS Objectives,
    Monitoring,
    measurement and Identification of new IMS objectives and planning to
    analysis achieve them
    Update Measurement and Metrics of identified IMS
    Objectives

    IMS Documentation Manage DCR's (Document change requests)


    Creation and update of IMS documents
    IMS documents review
    Control of documented information and update MLD
    tracker
    Internal Audit Internal Audit planning & communication to auditees
    Conduct / Face Internal Audit
    Internal audit report preparation and present to the IMS
    steering committee
    Followup and closure of internal audit findings
    External Audit External Audit planning & communication to auditees
    Conduct / Face external Audit
    External audit report preparation and present to the IMS
    steering committee
    Followup and closure of external audit findings
    Management
    review(MR) / IMS Palnning and schedule of Management Review
    Steering Committee Meeting/IMS Steering Committee
    IMS MR/IMS steering committee repeort/presentation
    preparation
    Conduct MR/IMS Steering Committee
    Preparation of MOM (Minutes of Meeting) with listing
    action items
    Follow-up on closure of Action items

    Continual Identify Continual Improvement points at department


    Improvement (CI) level
    Contact with
    authorities Contact with authorities tracker update

    Contact with special


    interest groups
    Contact with special interest groups tracker update

    Human resource
    security (HR) BGV Records repository update
    Employee Tracker with BGV details
    NDA Documents signed from employees
    Employee onbarding checklist and communications
    Employee exit checklist and communications
    Other Exit Documents like Non competence letters /
    Agreement letters.
    Information Asset Inventory tracker creation and update
    Information Asset along with Asset owner, Asset Custodian, Asset Location
    management and Asset Status including Asset Return

    Create and update Access Control Metric (ACM) for Apps


    (internal & External) and Data folder including cloud
    storage (Google Drive, One dirve, Sharepoiunt, Google
    Access control One, Droop Box, MS Teams, other Cloud storage)
    Review and acknowledge of Access Control Metric

    Password Ensure PasswordPolicy is umplemented across all Apps


    management system and systems
    Physical and
    environmental Building agreement copies and Approval to use building
    security utilities along with SLA's
    Agreement with Building landlord regarding Utility
    services offered
    A walk through of all the three office premises showing
    the required security controls (Virtual Live / Recorded)

    Fire extinguishers and Sprinklers list along with


    Maintenance Expiry details
    Printer placement and security features & avability of
    paper shredder
    CCTV cameras and access to Recordings with Recordings
    retention for how many days / months ?

    Access controlled entries to Reception and Working areas


    Floor map with Fire Exit/Fire
    Extingushers/Spriklers/Assembly point mnetioned
    Emergency exit
    Fire Drill reprot along with NOC from Fire and Safety
    department for Building
    Insulation of cables (No cables are exposed both Network
    / Electrical)
    Desk and system screens
    Power backup (UPS and DG details with power Backup
    details)
    Material IN/OUT registers
    Visitor Entry Records Book with what type of visitor
    informations/PII are captured in the register
    Information Security and Privacy signages

    Change management Change Request forms


    CAB Tracker
    Capacity
    management Capacity and Avability tracker

    Information backup Backup restore requests form


    Backup resotre test reports
    Events Logs and
    monitoring List of Event logs monitoring
    All Critical logs retention location and retention
    periodicity
    Provide demo to the Internal / External Auditor

    Clock synchronisation of endpoint computers, CCTV, Fire


    Clock synchronisation Alaram System and door access control systems, etc.,
    Technical
    vulnerability
    management VAPT records
    VAPT findings closure and reassessment report
    Updation of VAPT points in Risk Register and IMS steering
    committee presentation
    Infrastructure Patch update Status
    Antivirus Software management console and Update
    status

    Restrictions on
    software installation Restrictions on software installation
    Blocking endpoints USB, Storage, communiction ports
    Segregation in
    networks Approved Network Diagram
    System acquisition,
    development and
    maintenance Secure Coding Checklists for existing and new projects
    Information Security adoption for new projects at
    beginning for the project planning
    Addressing information security/Privacy requirements
    Supplier relationships within supplier agreements (NDA, MSA's)

    NDA / Agreements signed with Vednors / Suppliers copies


    Confidentiality or
    nondisclosure Agreements with Vendors for Information and
    agreements communication technology service providers
    Monitoring and review of supplier services records
    Vendor List
    Information security /
    privacy incident
    management Information Security Incident Records
    Reporting of Information security / privacy incidents

    Incident Tracker with RCA and Corrective actions defined


    Learnings from information security incidents (Pareto
    charts)
    business continuity
    management BIA and BCP Tracker
    Hard copies emergency contact details and Procedure
    BCP test reprots
    Compliance Compliance Tracker

    You might also like