VOICECOM

Control of ISMS Management Reviews
Control of Monitoring, Measuring, Analysis and Evaluation

Internal document
Control of Monitoring, Measuring, Analysis and Evaluation
Procedure Ref: PO-DSIXXX
Version: 0.1
Date: 26/09/2020

Public Internal Confidential Top Secret

1 Introduction
2 Scope
This procedure sets out VOICECOM’s arrangements for monitoring, measuring, analysing
and evaluating our information security performance in the context of our information
security management system.

3 Revision History
Revision | Date | Record of Changes | Approved By
0.1 | 09.26.2020 | Initial Issue |

4 Control of hardcopy versions


The digital version of this document is the most recent version. It is the responsibility of the
individual to ensure that any printed version is the most recent version. The printed version
of this manual is uncontrolled, and cannot be relied upon, except when formally issued by
the <Document Controller> and provided with a document reference number and revision in
the fields below:
Document Ref. Rev. Uncontrolled Copy X Controlled Copy

5 References
Standard | Title | Description
ISO 27000:2014 | Information security management systems | Overview and vocabulary
ISO 27001:2013 | Information security management systems | Requirements
ISO 27002:2013 | Information technology - security techniques | Code of practice for information security controls

6 Terms and Definitions


• “staff” and “users” mean all of those who work under our control, including employees, contractors, interns etc.
• “we” and “our” refer to VOICECOM

7 Responsibilities
The <ISMS Manager> is responsible for all aspects of the implementation and management
of this procedure, unless noted otherwise.

Managers and supervisors are responsible for the implementation of this policy, within the
scope of their responsibilities, and must ensure that all staff under their control understand
and undertake their responsibilities accordingly.

8 General
To evaluate the performance of our information security management system, we determine:

• what needs to be monitored and measured, including information security processes and controls
• the methods of monitoring, measurement, analysis and evaluation to ensure valid results
• when the monitoring and measuring shall be performed
• who shall monitor and measure
• when the results from monitoring and measurement shall be analysed and evaluated
• who shall analyse and evaluate these results

These activities are appropriately recorded, communicated and used to evaluate and
improve the performance and effectiveness of our information security management system,
including:

• tracking progress on meeting policy commitments, achieving objectives and targets, and continual improvement
• providing data to support or evaluate operational controls
• providing data to evaluate our information security performance

Measurements are conducted under controlled conditions, with appropriate processes for
assuring the validity of results, including the use of:

• competent staff
• suitable quality control methods

We operate and maintain arrangements to ensure that all calibrated or verified monitoring
equipment and validated software is appropriately used and maintained as set out in our
Control of Calibration, Verification and Validation Procedure and that records of calibration
and maintenance and results are retained.

9 ISMS Monitoring Plan


An ISMS Information Security Monitoring Plan is maintained, which clearly identifies what
will be measured, where and when it should be measured, and what methods of
measurement should be used.

Note that this plan does not include those system conformance checks provided by internal
ISMS audits, nor the periodic review of conformance covered by ISMS management
reviews.
The results of this monitoring and measuring plan are periodically analysed by the <ISMS
Manager> and:

• reported to each ISMS management review meeting, which in turn evaluates and uses them to identify both successes and areas requiring correction or improvement
• communicated both internally to the <Senior Management Team> and other appropriate managers and externally to concerned parties

We retain appropriate records as evidence of the monitoring, measurement, analysis and
evaluation.

10 Evaluation of Compliance
Our ISMS Compliance With Legal and Contractual Obligations Procedure sets out how we
ensure that we comply with our compliance obligations.

11 Records
Records retained in support of this procedure are listed in the ISMS Controlled Records
Register and controlled according to the Control of Management System Records
Procedure.
