
ISMS Implementation Schedule

| Sr. No. | Task | Details | Remarks |
|---|---|---|---|
| 1 | Gap Assessment | 1. Scope Definition; 2. Review Current Policy, Procedure Documentation; 3. Interview & Workshops; 4. Gap Analysis | |
| 2 | Define ISMS Framework | Define New Policy as per ISO 27001:2022 framework (Clause + Control) | |
| 3 | Risk Assessment & Risk Treatment | Identify information assets and their associated risks. Evaluate the potential impact and likelihood of these risks. Determine the necessary risk treatment measures. | |
| 4 | Define Procedure | Develop Procedure and record document | |
| 5 | Training & Awareness | Train all employees on the information security policies and procedures. Promote awareness of the importance of information security throughout the organization. | |
| 6 | VAPT | The objective of Vulnerability Assessment and Penetration Testing (VAPT) is to identify all potential loopholes within your network security system and show the potential impact of those threats and loopholes by exploiting them. | |
| 7 | Write the SOA | The purpose of this document (frequently referred to as the Statement of Applicability, or SoA) is to list all controls and to define which are applicable and which are not, the reasons for such a decision, and a description of how they are implemented in the organization. | |
| 8 | Implement the security control | Implement all documents and technology, and consequently change the security processes in your company. | |
| 9 | Monitor & Measure ISMS | What is happening in your ISMS? How many incidents do you have, and of what type? Are all the procedures carried out properly? | |
| 10 | Internal Audit | Conduct Internal Audit | |
| 11 | CAPA | Corrective and Preventive Action on findings | |
| 12 | MRM | Project Completion/Handover Internal MR | |

| Process | Start Date | End Date | Days | Man Hour |
|---|---|---|---|---|
| Gap Assessment | 25-Aug | 28-Aug | 4 | 16 |
| Define ISMS Framework | 29-Aug | 13-Sep | 16 | 96 |
| Risk Assessment & Risk Treatment | 14-Sep | 18-Sep | 5 | 40 |
| Define Procedure | 19-Sep | 25-Sep | 7 | 40 |
| Training & Awareness | 26-Sep | 26-Sep | 1 | 8 |
| VAPT (Vulnerability Assessment & Penetration Testing) | 27-Sep | 2-Oct | 6 | 32 |
| Write the SOA Annex A controls which apply | 3-Oct | 5-Oct | 3 | 24 |
| Implement the security control | 6-Oct | 10-Oct | 5 | 32 |
| Monitor & Measure ISMS | 11-Oct | 19-Oct | 9 | 24 |
| Internal Audit | 20-Oct | 20-Oct | 1 | 8 |
| CAPA | 21-Oct | 21-Oct | 1 | 8 |
| MRM | 22-Oct | 22-Oct | 1 | 8 |

[Gantt chart: the twelve scheduled processes, Gap Assessment through MRM, plotted on a timeline running from 25-Aug to 24-Oct]
