Compliance and Implementation Services

BS 25999-2:2007 – Business Continuity Management

Disasters over the past few years have brought to the forefront the critical need every organization has to protect its business, infrastructure, people, and operations. Continued operations in the event of a disruption, whether due to a major disaster or a minor incident, are a fundamental requirement for any organization.

BS 25999-2:2007 is the standard for Business Continuity Management (BCM), which is designed to help prevent a small incident from becoming a major business issue. BS 25999-2:2007 certified organizations give a confidence to their business partners of providing continued products/services following a disaster. Certified organization will have a competitive advantage in market, over those that have not achieved it.

Brochure Download


Technology Risk Management
Technology Risk Management


The following benefits can be achieved by complying and implementing this BCM standard:

  • An internationally recognized standard that keeps organization’s business going during the most challenging and unexpected circumstances.
  • A defined approach for understanding, developing and implementing business continuity within organization and gives confidence in business-to-business and business-to customer dealings.
  • It also contains a comprehensive set of controls based on BCM best practice and covers the whole BCM lifecycle.
  • An approach to document and potentially certify and receive accreditation.

SHMA focuses on the effective implementation of this standard rather than a prescriptive or “tick box” approach. BCM should be embedded within the business so that everyone within the business carries out business continuity, as part of their day-to-day activities. These challenges need to be addressed to ensure that standards implementation makes a difference and does not become a paper exercise.

SHMA assists in successfully implementing the BCM within the organization and getting them registered for BS 25999-2:2007 to attain the compliance / certification.

ISO / IEC 27001:2005 (BS7799) – Information Security Management System

Information is an important business asset and is the lifeblood of all organizations and needs to be suitably protected. In today's competitive business environment, such information is constantly under threat from many sources; these can be external, internal, accidental or malicious. Identifying and managing Information Security risks have become imperative for the success of today’s organizations. Effectively managing an organization's information risks and threats are important challenges, and establishing an Information Security Management Systems (ISMS) is becoming ever more important for organizations to secure their confidential data & information and minimize tangible and intangible losses.

An Information Security Management Systems based on the ISO 27001 (BS7799) standard, will facilitate to manage these issues while continually improving the security of the organization’s information. The standard also incorporates the proven "Plan-Do-Check-Act" (PDCA) cycle, which enables to continually improve an organization’s information security posture and meet the changing regulatory and legal requirements for information security.

The following benefits can be achieved by complying & implementing this Information Security standard:

  • An internationally recognized framework that can improve an organization’s information security, and enhance trust with its customers and trading partners.
  • A defined approach and method to evaluate, implement, maintain, and manage the overall information security of an organization.
  • A method to compliment the organization’s overall risk management strategy.
  • An approach to document and potentially certify and receive accreditation.
  • A framework which addresses and satisfies the criteria for data protection regulations.

We apply the International Standard "Plan-Do-Check-Act" (PDCA) process model to structure all ISMS processes and ISO/IEC 17799:2005 is referred to identify and design appropriate controls based on an organization’s needs.

ISO/IEC 20000-1:2005 – Information Technology Service Management System

ISO 20000 (which replaces BS15000) defines the requirements for an IT Service Management System. It sets out the main processes to deliver IT services effectively within the organization and to its customers. The standard itself aligns with the IT Infrastructure Library (ITIL), and specifies the following key process groups: Service Delivery Processes; Relationship Processes; Resolution Processes; Release Process; Control Processes.

ISO/IEC 20000-1:2005 specifies five key service management processes:

  • Service Delivery Processes - Service Level Management, Availability Management and Capacity Management.
  • Relationship Processes - The interfaces between service provider and both the customers and suppliers.
  • Resolution Processes - those focused on incidents being resolved or prevented.
  • Control Processes - those involved with managing changes, assets and configurations.
  • Release Process - looking at the roll-out of new or changed software/hardware.

IT Service Management standards allow organizations to continuously improve their IT service quality and provide important guidelines that facilitate establish the credibility of the organization, further it demonstrates to customers and stakeholders that it operates with business integrity and security and continuously improving the quality of IT Services, consequently gain competitive edge over competing organizations.

SHMA assists in successfully implementing the ITSMS within the organization and getting them registered with BSI of ISO/IEC 20000-1:2005 to attain the compliance / certification.

COBIT Assessment & Implementation

Control Objectives for Information and related Technology (COBIT) is a framework that is used for ensuring proper control and governance over information and the systems that create, store, manipulate and retrieve it. COBIT enables clear policy development and good practice for IT control throughout the organization. It also provides clear policies and good practices for control and security of information and related technology.

Under COBIT Assessment service, we assess the overall people, process and technology infrastructure of the organization, based on COBIT Maturity Model.

SHMA uses COBIT framework and supporting toolset to implement IT Governance and IT Controls within organizations that allows bridging the gap between their control requirements, technical issues and business risks.

Copyright © 2022 - 2026 Sidat Hyder Morshed Associates - All Rights Reserved.
  • Information Technology Risk Management