TCF Achieves ISO 27001

The Centennial Fund is a Saudi Arabian charity established in July 2004 with a royal charter to help young Saudi men & women achieve financial independence through helping them start their own commercially successful businesses.

Solution Approach

TCF concluded that it needed to invest in and expand its current corporate security to enhance security for itself, its clients and the loans covered under its programs. Netways' first task was to perform a risk assessment of TCF's current systems security and ISMS implementation requirements.

Part I

Netways performed an ISO 27001 gap assessment to quantify TCF's overall ISMS implementation, and delivered a detailed recommended course of action to address and remediate areas that were either under-controlled or over-controlled.

Netways provided guidance during various remediation efforts and an independent audit to ensure that TCF's scheduled client loan deployments were uninterrupted. Subsequently, Netways provided a roadmap for building an ISMS implementation that could be registered to the ISO 27001 standard.

Part II

As a first step toward implementing the ISMS, Netways championed ISO's Plan-Do-Check-Act cycle to deploy a comprehensive set of security controls and initiatives. Over the following weeks, Netways worked as a member of the TCF Quality Committee, and the following efforts were completed:

  • Defined granular roles and responsibilities
  • Specifically identified ISMS implementation requirements
  • Defined supporting policies, standards and procedures
  • Defined and established a security awareness program
  • Expanded vulnerability management program
  • Collaborated with BC/DR to integrate Security Program objectives
  • More clearly defined incident response program
  • Implemented internal security control audit program
  • Conformed Security Program to existing TCF Compliance, Privacy and Standards initiatives

Part III

As TCF prepares for its annual Corporate ISO 27001 Assessment in Q4 of 2009, and as Netways continues to refine and improve the ISMS implementation components of the TCF IT department, TCF is confident that it is fully compliant with the expectations of the ISO 27001 Standard and is ready to begin preparations for formal registration. TCF has set a target of Q4 2009 for completion of the registration process.

Role of SharePoint 2007 in Helping TCF Achieve ISO 27001

Netways used Microsoft SharePoint 2007 to manage all of the TCF IT department's information and activities (ISO 27001 ISMS controls, server information, PCs and laptops, infrastructure information, …). ISO 27001 auditors use the SharePoint features to review all policies and controls, along with the history of each control (created, updated, modified date, modified by, …), to make sure that everyone carries out their role successfully.

TCF achieved ISO 27001 on 24/12/2009.