This project involved support to a major data centre operator during the process of expanding the scope of multiple ISO 27001 accreditations relating to newly constructed centres.
New policies and procedures were developed, while others were updated to accommodate the new scope; internal audit procedures were also adjusted to accommodate the expansion.
Additional security controls were identified and implemented during the project.
The Australian Government’s Information Security Manual (ISM) was also factored into requirements, along with PCI-DSS.
A program of monthly internal ISMS audits was then delivered to assist in maintaining compliance, and a register of all identified information security activities documented.