Please provide the following information to enable us to confirm the costs of ISO 27001 registration.
2) Organisation details:
Company name:
Company number:
Main site address:
Postcode:
Tel: Fax:
Web site:
Contact name: Job title:
E-mail:
Tel: Mobile:
2) How long has your management system been in place?
3) What activities are to be covered by your certification (scope)?
4) Are you?
a. A new NQA client? Yes No
b. A transferring client? Yes No
If a transferring client, please provide details of previous registration(s):
Note: Copies of current certificates of registration and previous audit reports will need to be supplied.
c. Extending your scope? Yes No
If yes, please provide details of the new scope:
d. Have you previously been registered with NQA? Yes No
INFORMATION SECURITY MANAGEMENT SYSTEMS QUOTE REQUEST FORM
Information security management for...
5) Are you aware of any standards, regulations or laws with which your company or industry must comply?
If so list these below.
Legal (e.g. Data Protection Act, Computer Misuse Act etc):
Regulatory (e.g. PCI DSS, Information Governance Statement of Compliance (IG SoC)):
6) Functions and business activities:
Site information - please give details of the employee numbers, addresses and activities of all sites requiring registration to ISO 27001.
Total in Organisation:
Total at Main Address:
Other Locations:

Site | Address | Headcount | Activities (customer facing services, design, product management and internal functions such as HR, finance, IT, sales etc)
Main address | | |
Location 1 | | |
Location 2 | | |
Location 3 | | |
Location 4 | | |
Location 5 | | |
Location 6 | | |
Location 7 | | |
Location 8 | | |
8) ISO 9001 Certification:
Do you currently hold an accredited certificate of registration for ISO 9001? If your registration is with a certification body other than NQA please give details.
Standard:
Scope of Registration:
Certification Body: Certificate No:
9) Risk level & complexity:
9a: Risk level: Please identify the risk level (high, medium or low) for each of the three categories below (legal and regulatory; business continuity and availability; information held/managed).

Legal & regulatory (rating: L M H)
  Low:    Non-compliance is likely to lead to insignificant financial penalty or goodwill damage.
  Medium: Non-compliance is likely to result in significant financial penalty or goodwill damage.
  High:   Non-compliance is likely to result in prosecution.

Business continuity & availability (rating: L M H)
  Low:    Impact restricted to commercial/operational inconvenience.
  Medium: Lack of availability or outage has significant impact on essential services such as healthcare; outages are likely to receive prioritised response from national/local government emergency planning arrangements.
  High:   Information must be available at all times (e.g. critical national infrastructure).

Information held/managed (rating: L M H)
  Low:    Information of a general nature.
  Medium: Sensitive and personally identifiable information (note: this includes employee information).
  High:   High classification government information, e.g. secret and above; government emergency broadcast.

Examples
  Low:    Commercial organisations and general businesses that do not form a critical part of supply chains or partnering for medium and high risk organisations.
  Medium: Hospitals, finance sector (e.g. banks), local government, telecoms providers and others holding personally identifiable information / sensitive personally identifiable information.
  High:   Government ministries, critical national infrastructure (e.g. broadcast).

Note: to have a "low" risk rating the organisation must not hold personally identifiable employee information.
Office Use:
Final risk rating L M H
Comment:
9b: Complexity Rating

Complexity factor | Simple ("S") | Complex ("C") | Rating
Number of employees and contractor staff | <1,000 | >=1,000 | S C
Number of users | <1,000,000 | >=1,000,000 | S C
Number of sites | <5 | >=5 | S C
Number of servers | <100 | >=100 | S C
Number of workstations, PCs and laptops | <300 | >=300 | S C
Number of application developers and maintenance staff | <100 | >=100 | S C

7) Outsourcing
Do you have outsourced or subcontracted activities? Yes No
Please provide details of outsourced or subcontracted activities:
Office Use:
Overall complexity rating: S C
Comment:
Office Use:
Assessment durations

Assessment | On-site (days) | Programme management (days) | Total (days)
Pre-assessment (optional) | | |
Stage 1 | | |
Stage 2 | | |
Surveillance | | |
Recertification | | |
Completed by/date:
Approved by/date:
10) At what stage in the implementation of your ISMS are you? Please indicate your progress in relation to the following phases (the last two columns show whether the phase is required for Stage 1 and Stage 2 of the assessment):

Phase | Description | Completed | Planned completion date | Required for Stage 1 | Required for Stage 2
Step 1 | Definition of Policy Statement | Yes No | | Y | Y
Step 2 | Defined the scope of your ISMS | Yes No | | Y | Y
Step 3 | Completed your Risk Assessment | Yes No | | Y | Y
Step 4 | Completed your Risk Treatment Plan document | Yes No | | Y | Y
Step 5 | Selected control objectives and controls to be implemented | Yes No | | Y | Y
Step 6 | Prepared a Statement of Applicability | Yes No | | Y | Y
Step 7 | Completed security awareness training | Yes No | | Preferable | Y
 | Completed internal audit of the ISMS | Yes No | | Preferable | Y
 | Completed management review of the ISMS | Yes No | | Preferable | Y
 | Completed and tested business continuity plans | Yes No | | Preferable | Y
 | Operated the ISMS for at least 3 months | Yes No | | Preferable | Y
(If YES to Step 7 b) how long has your ISMS been implemented?
Office completion:
Timescales Pre-assessment Target date:
Stage 1 Target date:
Data Protection Act 1998
This information is collected, processed and stored in accordance with the UK Data Protection Act 1998. Information will be held and used by NQA and may from time to time be used to send you marketing information relating to products or services we feel you may be interested in.
Please confirm that you would be happy to receive this information: By Fax: ▢ E-mail: ▢ Telephone: ▢
Contact us
NQA, Warwick House, Houghton Hall Park, Houghton Regis, Dunstable, Bedfordshire LU5 5ZX, UK T: 0800 0522424 E: [email protected] www.nqa.com/isms
11) Consultant use:
Will you be using a Consultant to help you implement Information Security Management Systems? Yes No (If yes, please complete their details below).
Consultant name: Address:
E-mail:
Tel: Fax:
12) Completed by:
Date: Company: Name:
13) Where did you hear about NQA?
By recommendation from a consultant
By recommendation from another company
From an editorial
From an advert
Via NQA's web site www.nqa.com
You are an existing NQA client
From an exhibition
Via a search engine, e.g. Google
Other (please specify)
Please provide further details below:
If you have any problems completing this questionnaire please call 0800 0522424 or email [email protected] Or print and send to: NQA Sales, Warwick House, Houghton Hall Park, Houghton Regis, Dunstable, Bedfordshire LU5 5ZX, UK