GRC Tool

About ISO-Metrics


The Admin Panel is a separate application from the main one, so administrative functions are isolated from the user-facing application.

This tool is task-oriented: in every module a task is opened, and the required approvals must be obtained before the task can be completed. It is a workflow-based tool.

It comes pre-populated with ISO controls.

It also comes with some pre-populated compliance information. For example, sample Issues and Interested Parties are pre-populated and can be adjusted to the client's needs.

Document reviews and other process reviews trigger automatic reminders.

There are some canned charts, such as Issue Aging Graph, Process Maturity and Process Interaction.

This can be used as a toolkit to get a client ready for certification.

It provides simplified versions of HRMS, Asset Management, Change Management, Project Management, Supplier Management, etc., making it a very cost-effective solution for smaller companies.

Overview

Employee Management (background check, competence, training, disciplinary action)

Asset Management (Including Maintenance and Calibration)

Organization setup (Policy, objectives)

Context of the Organization

Document Management

Change Management

Supplier Management

Compliance

Control Management

Process Management

Incident Management, Corrective Action, Preventive Action, Continuous Improvement

Risk Management interfaced with Statement of Applicability

Internal Audit & Management Review

Project (security considerations and risk)

Security Objective

ISO 9000

ISO 20000-1

Clause Support

Clause numbers and titles follow ISO 9001:2015. Both columns cover the same clause set.

Clause                                                               ISO 9000   ISO 20000-1
4.1 Understanding the organization and its context                   Yes        Yes
4.2 Understanding the needs and expectations of interested parties   Yes        Yes
4.3 Determining the scope of the quality management system           Yes        Yes
4.4 Quality management system and its processes                      Yes        Yes
5.1.2 Customer focus                                                 Yes        Yes
5.2.1 Establishing the quality policy                                Yes        Yes
5.2.2 Communicating the quality policy                               Yes        Yes
5.3 Organizational roles, responsibilities and authorities           Yes        Yes
6.1 Actions to address risks and opportunities                       Yes        Yes
6.2 Quality objectives and planning to achieve them                  Yes        Yes
6.3 Planning of changes                                              Yes        Yes
7.1.2 People                                                         Yes        Yes
7.1.3 Infrastructure                                                 Yes        Yes
7.1.4 Environment for the operation of processes                     Yes        Yes
7.1.5 Monitoring and measuring resources                             Yes        Yes
7.1.6 Organizational knowledge                                       Yes        Yes
7.2 Competence                                                       Yes        Yes
7.3 Awareness                                                        Yes        Yes
7.4 Communication                                                    Yes        Yes
7.5 Documented information                                           Yes        Yes
8.1 Operational planning and control                                 Yes        Yes
8.2 Requirements for products and services                           Yes        Yes
8.2.4 Changes to requirements for products and services              Yes        Yes
8.3 Design and development of products and services                  Yes        Yes
8.4 Control of externally provided processes, products and services  Yes        Yes
8.5 Production and service provision                                 Yes        Yes
8.5.6 Control of changes                                             Yes        Yes
8.6 Release of products and services                                 Yes        Yes
8.7 Control of nonconforming outputs                                 Yes        Yes
9.1 Monitoring, measurement, analysis and evaluation                 Yes        Yes
9.2 Internal audit                                                   Yes        Yes
9.3 Management review                                                Yes        Yes
10.2 Nonconformity and corrective action                             Yes        Yes
10.3 Continual improvement                                           Yes        Yes

Covers All the Clauses

4.0 Context of the Organization: Issues and Interested Parties

5.0 Security Policy, Roles and responsibility, Org Chart

6.0/ 8.0 Risk Management, SoA and Security Objectives

7.0 Resource Management: Job Description, Employee Competence, Skills Management, Training Record, Communication, Calibration, Equipment Maintenance

9.0 Performance evaluation, Internal Audit

10.0 Corrective Action Requests (CAR) and Improvement

5.3 Change Management

5.8 Project Management/ Change Management

8.19 Installation of software on operational systems

8.26 Application security requirements

8.29 Security testing in development and acceptance

8.32 Change management

Cl.6.3 Planning of changes

5.9 Asset Management

5.11 Return of Asset

5.12 Classification

5.13 Labeling

7.9 Security of assets off-premises

7.10 Storage media

7.11 Supporting utilities

8.1 User end point devices

8.6 Capacity management

8.7 Protection against malware

8.9 Configuration management

8.19 Installation of software on operational systems

8.20 Networks security

5.19 Information security in supplier relationships

5.20 Addressing information security within supplier agreements

5.21 Managing information security in the information and communication technology (ICT) supply chain

5.22 Monitoring, review and change management of supplier services

5.23 Information security for use of cloud services

5.2 Information security roles and responsibilities (R & R)

6.1 Screening

6.2 Terms and conditions of employment

6.3 Information security awareness, education and training

6.4 Disciplinary process

6.5 Responsibilities after termination or change of employment

6.6 Confidentiality or non-disclosure agreements

5.24 Incident Management

6.8 Information security event reporting

Asset Management:

This window maintains the asset change history. For example, a change ticket is opened in the Change Management (A.8.32) module to upgrade a laptop from Win10 to Win11, which changes the Configuration (A.8.9) of the asset and is recorded against it. The same window also keeps the record for Asset Return (A.5.11).

Change Management:

Change Management tracks Segregation of Duties (A.5.3) by recording who creates a ticket and who approves it, so that the two roles are kept separate. The module covers Change Management (A.8.32) and Project Management (A.5.8), and also takes care of Planning of Changes (Cl. 6.3).
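The segregation-of-duties rule above is easy to get wrong in a workflow engine if the check is only on the UI. Below is an added example, not ISO-Metrics code, of how a change-ticket approval step can enforce it server-side: the creator cannot approve their own ticket, only users holding an assumed "change_approver" role may approve, the same person cannot supply more than one of the required approvals, and every approval is appended to an audit trail. The ticket fields, role names, the user directory and the sample ticket are all constructed for this illustration.

```python
"""Segregation-of-duties (A.5.3) check for a change-ticket approval workflow.

Added example, not ISO-Metrics code. Field names, the "change_approver"
role and the user directory below are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone


class SoDViolation(Exception):
    """Raised when one identity would both create and approve a change."""


@dataclass
class ChangeTicket:
    ticket_id: str
    created_by: str
    description: str
    required_approvals: int = 1                       # assumed to be configurable
    approvals: list = field(default_factory=list)     # (approver, UTC timestamp)
    status: str = "open"

    def approve(self, approver: str, approver_roles: set) -> None:
        """Record one approval, refusing anything that breaks A.5.3 or A.8.32."""
        if self.status != "open":
            raise ValueError(f"{self.ticket_id} is {self.status}, not open")
        # A.5.3: the requester must never approve their own change.
        if approver == self.created_by:
            raise SoDViolation(f"{approver} created {self.ticket_id} and cannot approve it")
        # A.8.32: only a designated change approver may sign off.
        if "change_approver" not in approver_roles:
            raise PermissionError(f"{approver} lacks the change_approver role")
        # Each approver counts once, so one person cannot supply all approvals.
        if any(user == approver for user, _ in self.approvals):
            raise SoDViolation(f"{approver} already approved {self.ticket_id}")
        self.approvals.append((approver, datetime.now(timezone.utc).isoformat()))
        if len(self.approvals) >= self.required_approvals:
            self.status = "approved"

    def audit_trail(self) -> list:
        """Who created and who approved, in order: the evidence an auditor asks for."""
        lines = [f"{self.ticket_id} created by {self.created_by}"]
        lines += [f"approved by {user} at {stamp}" for user, stamp in self.approvals]
        return lines


def self_approval_blocked(ticket: ChangeTicket, user: str, roles: set) -> bool:
    """True when the SoD check refuses `user` approving `ticket`."""
    try:
        ticket.approve(user, roles)
    except SoDViolation:
        return True
    return False


# Constructed sample directory of users and roles (assumption).
USER_ROLES = {
    "alice": {"it_admin"},
    "bob": {"change_approver"},
    "carol": {"change_approver"},
}


def run_sample() -> ChangeTicket:
    """Walk a laptop Win10 -> Win11 upgrade ticket through the approval check."""
    ticket = ChangeTicket("CHG-0001", "alice",
                          "Upgrade laptop LT-17 from Win10 to Win11",
                          required_approvals=2)
    # alice raised the ticket, so her approval is refused even if she had the role.
    assert self_approval_blocked(ticket, "alice", USER_ROLES["alice"] | {"change_approver"})
    ticket.approve("bob", USER_ROLES["bob"])
    ticket.approve("carol", USER_ROLES["carol"])
    return ticket


if __name__ == "__main__":
    print("\n".join(run_sample().audit_trail()))
```

Putting the check in the approval method rather than in the form means an API call or a bulk import cannot bypass it, and the audit trail gives the internal auditor the creator/approver pairing the text says the module tracks.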

Project Management:

Information security in project management
Security Testing in Development and Acceptance
Application Security Requirement

Supplier Management:

Information security in supplier relationships (A.5.19) is handled by completing a supplier questionnaire. For A.5.21, ICT is treated as one of the supplier types; for A.5.23, cloud services are treated as another supplier type, and "Exit Planning" is recorded for them.

Supplier Review:

Supplier ratings can be captured for a specific period.

Supplier Risk Assessment:

A supplier risk assessment can be performed.

Employee Management:

Onboarding checklist documents
    Background screening
    Terms and Conditions
    Completion of information security training
    NDA
Offboarding checklist documents
    Asset Return
    Badge Return
    Access Revoke

Strategic Issues:

Clause 4.0 Context of the organization
Strategic Issue: allows creating Issues, with review and approval, and an annual review.
Organization Context: allows creating Interested Parties, with review and approval, adding their Needs & Expectations, and an annual review.
Scope: documented in the Organization profile.

Clause 5.0 Leadership:

Job Description
Organization Structure
Scope
Employee management

Statement of Applicability

Creating SOA
Manage your Controls
Maintaining Control Version
SOA Version Management
Control Implementation

Risk Management and Preventive Action:

Risk Impact
Risk Identification
Managing Preventive Action from Risk
Risk Register
Review Risk
Preventive Action

Managing Preventive Action from Risk:

Preventive Action
Confidentiality
Availability
Preventive Action Task
Tracking

Document Management

Document access control
Document changes go through a proper review and approval process, with provision for external review/approvals
Publish Documents for authorized users
Keep Source Documents untouched through version control
Move old Documents to Archive folder
Obsolete Documents can be retired
Maintain Document Change History
Create and manage Document Templates
Assign Document Templates to create new document

Internal Audit

Create & Manage Internal Audit
Adding Checklist Questions
Performing Audit

Incident Management

Incident List View
Corrective Action Analysis
Corrective Action
Improvement
Add New Suggestion for Improvement
Improvement Entered through Suggestion

Process Management:

Manage your processes, procedures and work instructions, and maintain the relationships between them.