Gap Assessment and Implementation of NIST Cyber Security Framework and ISO/IEC 27001:2013 Controls

Client: Physical Product Manufacturing Organization (Multinational)

Sector: Manufacturing

Location: San Francisco, California - USA



Background


The end client is a manufacturing technology company holding multiple patents in its name. They manufacture indoor anti-pollution equipment. They were determined to become compliant with the NIST Cyber Security Framework and ISO/IEC 27001:2013 standards, as they have a big plan to scale up operations, not only in the USA but also around the world. This is an ongoing project.


Our Approach


The first phase of the project involved performing a detailed gap assessment based on the NIST CSF. The gap assessment ran for more than a month and involved multiple stakeholders and leaders of the organization. A detailed report was prepared and submitted. At the further request of the client, we prepared an executive summary for presentation to top leadership.


Top leadership then approved the start of the second phase of the project, the implementation. This phase involved the Risk Assessment, other Information Security Management System (ISMS) activities and the implementation of NIST Cyber Security Framework controls.


Our major activities included (but were not limited to):

  • Defining the ISMS Objectives

  • Conducting the Risk Assessments for the risks associated with all the activities inside the scope

  • Drafting the Policies and Procedures in line with the requirements

  • Asset Classification

  • Preparation of Legal & Compliance Register

  • Revising the Incident Management Plan

  • Acceptable Use

  • Privacy Policy

  • ISMS Training

  • Multiple other policies and procedures related to the scope of work

  • Designing the templates and forms

  • Compliance with GDPR


A senior consultant from Gorisco was dedicated to this project to carry out the activities listed above, with backend support from other colleagues. It is an excellent project, as it involves defining things from scratch and building a robust framework which will help the organization to be compliant and to grow in various markets across the globe.



The Positives


  1. The Client realized the value of our engagement and transformed a “Gap Assessment” project into an end-to-end implementation project

  2. With the good support of the Client, all activities are being completed within the agreed timelines

  3. Due to COVID-19 restrictions, the whole project is being executed remotely, without any physical meetings

  4. Able to support the US Client in their time zone



Benefits & Values To Client

  1. The gap assessment clearly brought out the major, medium and minor gaps in the organization’s strategies, processes and policies

  2. This helped top leadership to pick the priorities and the low-hanging fruit that will support their organization

  3. It demonstrated the compliance status and level of associated risks in the organization

  4. Identification of priority (high-risk) activities enabled the Client to refine their business strategies and channel resources to the areas of greatest need. These risks are managed through proper assessment and application of the mitigation plans

  5. The whole implementation process is helping the client to become compliant, mature and a truly global company
