Certifications

ISO 9001:2015 Quality Management

ISO 39001:2012 Road Traffic Safety Management Systems

ISO 9001 Quality Management System

ISO 14001-Environmental Management System

OHSAS 18001-Occupational Health & Safety Management Systems

Abu Dhabi EHSMS- ADEHSMS-OSHAD Compliance Facilitation

ISO 27001-Information Security Management System (ISMS)

ISO 50001-Energy Management System

ISO 38500-IT Governance

ISO 10002-Quality Management-Customer Satisfaction

ISO 20000-Information Technology Service Management (ITSM)

ISO 26000-Guidance on Social Responsibility

ISO 21500-Guidance on Project Management

ISO 31000-Risk Management-Principles and Guidelines

ISO 55000-Asset management

ISO 22000-Food Safety Management Systems

ISO 27001-Information Security Management System (ISMS)

Our Rating for the course : 4.8 Stars Based on 35 users

About ISO 27001-Information Security Management System (ISMS)

ISO 27001 Information security systems really helps all enterprises and manufactures to manage their information security management and later to the customer needs in the most apt and efficient manner. It has gives the business edge orders others in the competitive business world.

The selection of fool proof security controls to protect Information Assets and to instill confidence among customers is the need of the hour for many commercial establishments, government agencies, nonprofit organizations etc.

ISO 27001 is an information security management standard designed to provide organizations a means for presenting clients, partners and regulators with proof that organizations strictly adhere to an internationally recognized set of information security controls. With reference to its sister document, ISO 17799: 2005, describes 133 best practices for information security management, along with implementation advice. Simultaneously, these two standards creates a certifiable framework for protecting information assets.

ISO 27001 Information security management systems provides a very optimistic results in each and every enterprises and manufactures to manage and control their information security management and at the same time it is also focuses to the customer needs in the most apt and efficient manner. It produces the business edge orders in a very competitive business world.

The organization must be able to choose an appropriate and well-advanced security tools to continuously protect the companies information asset, this will also instill confidence amongst customers which is highly demanded for many commercial establishments, government agencies, nonprofit organizations, etc.,

ISO 27001 certifications is handled by Nbiz in a very efficient manner in Dubai,UAEand GCC

An empowered and improved dependability on security of systems has ensured through the ISO 27001 that the organization can strictly control the systems in place. They can maintain the system availability and minimize the risk of vulnerabilities being exploited.

Main Highlights

ISO 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) for any organization, regardless of type or size/scale or nature of business.

The IT department is the main focus of ISO 27001:2013 implementation on every organization, but the standard involves areas in the entire organization as well. The main driver, sponsor, and promoter of the change must be the company's management, while its IT is mainly responsible for its execution. In addition to management and IT, other departments must also be actively involved as well as suppliers, outsourcing and, last but not least, employees to continuously achieve the implementation of the standards within the organization including the third parties.

ISO/IEC 27001 is the only auditable international standard which defines and specifies the requirements for an Information Security Management System (ISMS). The standard is designed to ensure that the selection of adequate and proportionate security controls will be implemented and maintained throughout the organization at all levels.

The standard offers a business-led approach to the best practice for information security management in your organisation.

Brief about the ISO standard

Any identified risks associated/related within an organization's information assets need to be properly addressed with a corrective action. Achieving the results from an information security aspect requires the management of risks to encompass the risks which are physically related to human and technology threats or will any form of information that is being used within the organization.

The organizations can be benefited with a cost-effective and consistent information security on the implementation of the standards. All divisions and departments within the organization shall be involved in developing their own security guidelines to drive the awareness throughout all levels. The standard will have a consistent approach to security by creating uniform policies incorporating industries best practices.

ISO 27001 Standards

Establish the context on the following areas during the planning phase:

Initiator/driver of the organizations for implementing Information Security primarily as a business need.
Identify the alignment of the ISMS scope and policy for implementation and maintaining it for all levels within the organization.
Methodology/Approach to risk management considering the best practices within this standard.

Risk Identification and assessment

Identify, analyze and evaluate risks

Manage the risk is being performed in the 2nd Phase:

Identify and evaluate options for managing the risks
Select controls and objectives
Controls for the treatment and management of risk
Statement of applicability

Monitor and Review Phase is covered in the 3rd Phase as the continual improvement will be the key element on the above phases.

Improved ISMS is on the Act Phase:

Identify improvements in the ISMS and implements them
Take appropriate corrective and preventive actions
Communicate and consult management including the top-level management, stakeholders, users, etc.

Boosts your company image
Dependability of Information and Information systems
Improve organizations efficiency and effectiveness
Reducing the likelihood of information misuse.
Compliance with legal, statutory, regulatory and contractual requirements
Improved corporate governance and assurance to stake holders
Risk Assessment performed
Threats, vulnerability and likelihood of occurrence are evaluated and Impact reduced

BAS 4P methodology is the way of standardizing the client process and procedure in a systematic way. The 4P enables BAS and client to go through a series of activities that leads to certifications. The 4P methodology deeply analyze and reviews the process and procedure within the organization and improves overall performance of the organization and finally get certified.
BAS implements the following activities.

bas-methodology

PREPARE

Understand the context

Capture and review business goals to understand the context and client.
Determine goals of the assessment of the client by questionnaire, interviews etc.
Identify key stakeholders.
Determine the scope (functional areas, geographical coverage etc) and timeline.
Finalize scope, timeline and resource needs.
Confirm approach and seek client commitment.
Mobilize the Assessment project team.
Schedule interviews.
Hold a kick-off meeting.

PERFORM

Gather Data

Gather and Analyze/Review existing documentation, portals, past audit reports, forms, metrics, data etc and understand how the operations is compliance with standards.
Conduct interviews and workshops.
Document survey results and preliminary ratings if any.
Document preliminary findings.
Assess environment and, gaining evidentiary support from interviews and documents.
Identify key issues and challenges and seek agreements from stakeholders
Implement and improve process and procedures

PRESENT

Develop Recommendations

Identify opportunities to overcome identified issues and/or reach maturity levels.
Prioritize alternatives.
Develop recommendations and near-term timeline.
Prepare final report.
Preview final report with stakeholders and update as required.
Present final report.

PURSUE

Continual Improvement

Follow up with the organization and analyze the how the organization is compliance with the standards
Check with the organization that the standards are being implemented and maintained.
Evaluate the continual fulfillment and improvement of all the required and relevant documents.

Certification Details

BAS is a versatile ISO certification body, with various industrial expertise and strong exposures in the field of Quality, Health, Safety and Environmental, Service Management and Information Security Management. We provide reliable services in the UK, Middle East, India and Other countries.

We at BAS with our veteran assessors provide you with certification which provides value for your management system. Many clients around the world have greatly benefited through our exemplary service.

The following are the steps in this phase we do as part of certification

Contract signature

BAS representative sends out an application which is a questionnaire to the organization which is the applicant for the Certification.

Once BAS receives the filled in application, the BAS representative sends an official quote to the applicant for approval.

Pre-audit (optional):

Gap analysis and diagnosis of your systems current position against requirements of the standard - A pre-certification audit is a high level evaluation indicating where your company currently stands in compliance with specific standards before the main certification audit.

Audit Stage 1- Initial Visit: to verify the establishment and implementation of the basic structure of your Management System

BAS will carry out a Document review Assessment of the client�s Management System according to the requirements of Standard in order to establish to what extent the System addresses the requirements of the standard and if a subsequent Initial Assessment for Accredited Certificate is likely to result in successful certification at an early stage, by which usually companies take the necessary corrective/preventive actions as appropriate and prior to the Initial Assessment. The Pre-audit should not be considered as a Consultancy Service

Audit Stage 2 - Certification audit (certificate issued after successful certification audit)

The principal purpose of the Initial Assessment is to audit the Company�s Management Systems for compliance with the the standard. Please note that Initial Assessment is the obligatory service. In this phase if there are any opportunities for improvements identified BAS auditors would report them in the interest of the organization.

Surveillance audits to follow the continual improvement

It is also an obligatory service; BAS will perform Surveillance Visit approximately after every year i.e. a total of 3 Surveillance Visits will be performed every year during the 3 years validation period of the Certificate. Such routine surveillance Visits are performed to ensure the continuous compliance of your Management System to the requirements of Standards.

Re-certification after 3 years through full audit or continual assessment.

What we do?

BAS can assist your organization to acquire any relevant ISO certifications in UAE which is well-known internationally. It will generate additional business opportunities, exhibit the organizations compliance and commitment to the best-practices in any industries in order to be more competitive in today�s market.
We at BAS with our veteran assessors provide you with certification which provides value for your management system. Many clients around the world have greatly benefited through our exemplary service.
When you choose BAS as your certification partner you stand to gain monetarily in your business by our straight forward assessment. The overall aim of certification is to give confidence to all parties that a management system fulfills specified requirements. The value of certification is the degree of public confidence and trust that is established by an Impartial and competent assessment by a third party.
With BAS, you will have the capability to deliver on the promises you make � this helps you to enhance your reputation, creates confidence in your capabilities, substantiates claims and differentiates your organization;
With BAS, Obtains the full tangible benefits and value of your management systems � this helps you to link assessment system benefits to financial performance or improvements in effectiveness and efficiency that help drive your business forward in measurable and verifiable ways; and develops your capability to better manage a range of non-financial risks.
As an integral part of this process, BAS will evaluate the relevance of the quality objectives against the analysis of stakeholder expectations and strategic goals of the company. We will assess the capability of the management system in controlling the defined processes. We will assess the effectiveness of the management decision making in respect to this data and, on the basis of this assessment, we will help senior management identify any changes required to support continual improvement.
Providing more opportunities for improvements than just performing a compliance audit against the standards requirements.
Understand the local culture and working patterns of the clients will facilitate better communication and understanding between BAS and the clients.
BAS possesses resources who have the knowledge and skills of multiple standards such as ISO 20000, ISO 27001, SKEA for eg., in Abu Dhabi for Business Excellence programs etc.,. This greatly helps the clients to have better inputs as the standards can be applied in an integrated way and the auditors can provide a holistic feedback.
BAS has offices around the world and the auditors have access to the knowledge from all around the global parts which will be helpful to the clients as they can have a better understanding and more practical suggestions from BAS auditors.
BAS location advantage within the Emirates on the following: Abu Dhabi, Dubai, Al Ain, Sharja, Ajman, Ras Al Kaimah and Fujairah (We have successfully completed many and different projects locally and also internationally).
BAS strongly promotes and implements the facilitations on the relevant Management System not only for the sake of certification but to really make a difference in the processes and procedures that will be implemented throughout any organization.
BAS consist of some project members which are also EFQM International Assessors this can add value to the assignment as Abu Dhabi government is highly recommending Organizational Excellence program across Abu Dhabi Emirate (and UAE).

ISO Scope Form

Download the Scope form , fill it and send to us. Download »

OR

Fill out the online form

In order for us to provide an accurate quote, we need to determine the processes and activities that are involved within your organisation.
We also need to know about the state of readiness of your Management System prior to certification.
Please provide us with as much detail as you can by answering the following questions. If you have any queries, please contact us on:

Section 1: Basic Contact Information

Company Name
Contact Name

Position
Address

Telephone Number
Fax Number

E-mail Address
Website Address

Please specify the details of Consultants, if used

Multi-site Addresses

Main activity in each site

Number of Shifts

Number of Emp.

Section 2: Organisational Details

2.1 Please describe fully the products, processes and/or services of your organisation.

2.2 Is your organisation part of a larger group?

2.3 Name of Parent or Holding Company:

2.4 Total Number of Employees:

Comprising of:

Managerial

Production

Sales

Quality

Purchasing

Stores &Shipping

Design

installation

Servicing Others

2.5 Do any staff work shifts? 2.6 Number of Staff Working Shifts:

2.7 Are other sites to be covered in this scope?

If yes,

2.8 Please describe fully the locations, staffing,products, process and/or services of the other sites within the scope of your management system.

Note: This would include temporary sites, such as construction locations, major projects, installation, Servicing and maintenance operations, disaster recovery sites. If no, please go on to 2.11.

2.9 Does the system cover other offsite activities?

2.10 Please describe fully these activities, giving locations and duration of projects and personnel numbers :

2.11 Please list all outsourced processes used by the organisation that will affect conformity to the requirements.

Section 3: Your Requirements

3.1 Please indicate the management system standard(s) required, and complete additional information as indicated:

ISO 9001 ISO 14001

OHSAS 18001 ISO 20001

ISO 22000 ISO 27001

Other: