Request for Quotation
As part of our preparations for your certification proposal, ISC would like to ask you for some specific information about your organisation. We kindly request you to complete this questionnaire and return it to International Standards Certifications or fax: 02 9894 6808.
We will use this information to submit a quotation tailored to your organisation’s individual needs.
Please note that completing this questionnaire will in no way commit you to using ISC’s services and that no application fee will be charged until your official application form is received, signed and completed.
All information supplied will be treated with the strictest confidence.
Part A - General
1. Company Details
Date of Request:
Registered company name
Trading name
Company address
(To appear on certificate)
Mailing address
(For correspondence)
Telephone number: / Fax No:
Email Address
Name of person nominated for liaison with ISC
Their position in the company
Registration A.B.N Number
Is the company part of a larger group of companies?
(if so, please provide details)
2. Industry Details
a) Field of operations
What is the scope of your main activities?
b) Number of Employees
How many equivalent full-time employees do you have working for you?
Full Time: / Part Time: / Casual: / Other (please describe):
c) Shifts
Does your company operate in shifts?
Yes ☐ No ☐
If yes, how many shifts?
3. Other Aspects of your Operations
a) Outsourced processes and third party arrangements
Describe any processes covered by your management system that you outsource.
(Outsourcing includes project management and monitoring)
Describe any processes for which you have third party arrangements.
(Third party arrangements include employees from other companies who work on your site and whom you manage)
Please provide details of Service Level Agreements/Contracts that cover these activities.
Phone: +61 (2) 9894 6242 / International Standards Certifications, ABN 31 245 846 984 / Page 1 of 10
Fax: +61 (2) 9894 6808 / CONFIDENTIAL
Email: / ISC Form F17BEnqApp, 1.9 / Enquiry/Application/Request for Quotation
b) Please tell us of any other information which might affect certification
c) Risk Categorisation
In order to prepare a quotation we need to ask some specific questions about your organisation’s risk category.
Please use the hyperlinks to continue to Part B (Generic Risk Categorisation) and to complete any other annexes as applicable:
Additional Information:
Part B: Generic Risk Categories
Part C: ISMS Certification
Part D: BCMS Certification
Part E: SMS Readiness
Part F: ICT readiness for BCMS
Please indicate by (shading, circling or highlighting), the correct category for your organisation.
Limited / Low / Medium / High
Number of office locations (other than DR site) / 1 / 1 / 2 to 5 / 5+
Number of customer locations / 1 / 1 / 2 to 5 / 5+
Number of supplier locations / 1 / 1 / 2 to 5 / 5+
Number of employees / 1-25 / 26-125 / 126-1175 / 1175+
Number of outsourced staff / 1-5 / 6-10 / 11-100 / 100+
Number of SAN storage units / 1-5 / 6-10 / 11-100 / 100+
Number of Servers / 1-5 / 6-10 / 11-100 / 100+
Number of Wide Area Network equipment devices / 1-5 / 6-10 / 11-100 / 100+
Number of uses of applications (e.g., e-commerce/on-line TXN) / 1-50K / 51-200K / 200k-1M / 1M+
Number of PCs / 1-25 / 26-100 / 101-500 / 500+
Number of laptops / iPads / 1-25 / 26-100 / 101-500 / 500+
Number of security applications/equipment (e.g., firewall / IDS) / 1-5 / 6-10 / 11-100 / 100+
Number of IT system support staff / 1-5 / 6-10 / 11-100 / 100+
Number of business applications / 1-5 / 6-10 / 11-100 / 100+
Number of IT software development/maintenance staff / 1-5 / 6-10 / 11-100 / 100+
Number of customers requiring data encryption / 1-5 / 6-10 / 11-100 / 100+
Impact of non-compliance with applicable legal requirements / Limited / Low / Medium / High
Impact of non-compliance with sector specific requirements (e.g., Basel II) / Limited / Low / Medium / High
Number of processes outsourced to third parties. See also Section 4d above / Limited / Low / Medium / High
Any other relevant information:
Checklist / Indicate Yes/No or provide information
Do you have an ISMS Policy approved by Top Management? / Yes ☐ No ☐
Has the policy been communicated to all employees? / Yes ☐ No ☐
Has the policy been communicated to all relevant third party staff? / Yes ☐ No ☐
Do you have other networks connected to your network?
If so, please advise details of all partner networks. / Yes ☐ No ☐
Please provide the list of applicable legal/regulatory requirements. / Yes ☐ No ☐
Have you completed ISMS risk assessment? / Yes ☐ No ☐
Have you prepared the Statement of Applicability? If so, please attach a copy. / Yes ☐ No ☐
Have you prepared the mandatory procedures for all of the following? / Yes ☐ No ☐
- Control of Documents
- Control of Records
- Internal SMS Audits
- Corrective Action
- Preventive Action
- Security Incident Management
Have you prepared a BCP – Business Continuity Plan? / Yes ☐ No ☐
Have you completed BCP tests? / Yes ☐ No ☐
Have you completed one internal security review / internal ISMS audit? / Yes ☐ No ☐
Have you completed one Management Review after completing internal security review / ISMS audit? / Yes ☐ No ☐
Please provide list of all third party organisations with whom you have service level agreements for IT services.
Please add any other information relevant to your scope of certification,
(Partial/Complete/Not Applicable)
A.5 Security policy
A.6 Organization of information security
A.7 Asset management
A.8 Human resources security
A.9 Physical and environmental security
A.10 Communications and operations management
A.11 Access control
A.12 Information systems acquisition, development and maintenance
A.13 Information security incident management
A.14 Business continuity management
A.15 Compliance
Do you have a Business Continuity Policy approved by Top Management? / Yes ☐ No ☐
Has the policy been communicated to all employees? / Yes ☐ No ☐
Has the policy been communicated to all relevant third party staff? / Yes ☐ No ☐
Please provide list of organisations with whom you have service level agreements for business services / Yes ☐ No ☐
Please provide the list of applicable legal/regulatory requirements. / Yes ☐ No ☐
Do you have other networks connected to your network?
If so, please advise details of all partner networks / Yes ☐ No ☐
Have you prepared the Communications Plan/Procedure? / Yes ☐ No ☐
Have you prepared the mandatory procedures?
- Control of Documents
- Control of Records
- Internal SMS Audits
- Corrective Action
Have you completed Risk Assessment? / Yes ☐ No ☐
Have you completed Business Impact Analysis? / Yes ☐ No ☐
Do you have an established Incident Response Structure? / Yes ☐ No ☐
Have you established procedures for warning and communication? / Yes ☐ No ☐
Have you prepared BCPs – Business Continuity Plans? / Yes ☐ No ☐
Have you completed BCP exercises / BCP tests? / Yes ☐ No ☐
Have you conducted evaluation of Business Continuity procedures? / Yes ☐ No ☐
Have you completed one internal audit of Business Continuity Management System? / Yes ☐ No ☐
Have you completed one Management Review after completing internal BCMS review / BCMS audit? / Yes ☐ No ☐
Any other information relevant to your scope of certification / Yes ☐ No ☐
Governance of Outsourced Processes
Please specify any outsourced Process or Activity and Outsourced Partner. Indicate who is managing it.
Process / Partner / Accountability / Process Definition / Process Performance Review / Process Improvement
1.
SMS (ISO/IEC 20000-1:2011) Readiness / Indicate Yes/No or provide information
Have you appointed a Management Representative who is an employee of your organization and reports to top management? / Yes ☐ No ☐
Do you have a Service Management Policy approved by Top Management? / Yes ☐ No ☐
Has the policy been communicated to all employees? / Yes ☐ No ☐
Have you published a Service Catalogue / Service Portfolio? / Yes ☐ No ☐
Has the policy been communicated to all relevant third party staff? / Yes ☐ No ☐
Have you prepared the mandatory procedures for: / Yes ☐ No ☐
- Control of Documents
- Control of Records
- Internal SMS Audits
Please provide the list of applicable legal/regulatory requirements. / Yes ☐ No ☐
Please provide list of organisations with whom you have service level agreements for services. / Yes ☐ No ☐
Do you have other networks connected to your network?
If so, please advise details of all partner networks. / Yes ☐ No ☐
Have you completed one internal service management review / internal SMS audit? / Yes ☐ No ☐
Have you identified all processes, or parts of processes, which are operated by other parties? / Yes ☐ No ☐
Have you completed one Management Review after completing internal service management review / SMS audit? / Yes ☐ No ☐
Is there any other information relevant to your scope of certification?
SMS (continued) Policies and Procedures
No / POLICY / PROCEDURE / YES / NO / PARTIAL
Service Improvement policy / Yes ☐ Partial ☐ No ☐
HR policy / Yes ☐ Partial ☐ No ☐
Service Management Plan / Yes ☐ Partial ☐ No ☐
Continual Service Improvement / Yes ☐ Partial ☐ No ☐
Customer Complaint / Yes ☐ Partial ☐ No ☐
Supplier Grievances / Yes ☐ Partial ☐ No ☐
Service Level Management / Yes ☐ Partial ☐ No ☐
Service Reporting / Yes ☐ Partial ☐ No ☐
IT Service Continuity and Availability Management / Yes ☐ Partial ☐ No ☐
Financial Management (Budgeting & Accounting) / Yes ☐ Partial ☐ No ☐
Capacity Planning / Yes ☐ Partial ☐ No ☐
Information Security / Yes ☐ Partial ☐ No ☐
Business Relationship Management / Yes ☐ Partial ☐ No ☐
Supplier Management / Yes ☐ Partial ☐ No ☐
Incident Management / Yes ☐ Partial ☐ No ☐
Problem Management / Yes ☐ Partial ☐ No ☐
Configuration Management / Yes ☐ Partial ☐ No ☐
Change Management / Yes ☐ Partial ☐ No ☐
Release Management / Yes ☐ Partial ☐ No ☐
ICT Readiness for Business Continuity guideline (ISO/IEC 27031:2011) IRBC CERTIFICATION
Do you have an IRBC Policy approved by Top Management? / Yes ☐ No ☐
Has the policy been communicated to all employees? / Yes ☐ No ☐
Has the policy been communicated to all relevant third party staff? / Yes ☐ No ☐
Please provide list of organisations with whom you have service level agreements for ICT services / Yes ☐ No ☐
Please provide the list of applicable legal/regulatory requirements. / Yes ☐ No ☐
Do you have other networks connected to your network?
If so, please advise details of all partner networks / Yes ☐ No ☐
Have you prepared the Communications Plan/Procedure? / Yes ☐ No ☐
Have you prepared the mandatory procedures? / Yes ☐ No ☐
- Control of Documents
- Control of Records
- Internal SMS Audits
- Corrective Action
- Preventive Action
Have you completed Business Impact Analysis? / Yes ☐ No ☐
Have you identified the gaps between IRBC and BCP? / Yes ☐ No ☐
Do you have an approved IRBC strategy that includes: / Yes ☐ No ☐
- Skills and knowledge
- Suppliers
Have you identified performance criteria for ICT readiness? / Yes ☐ No ☐
Have you implemented the IRBC strategy? / Yes ☐ No ☐
Do you have an approved ICT response and recovery plan? / Yes ☐ No ☐
Have you established a process to monitor IRBC? / Yes ☐ No ☐
Have you completed IRBC exercises / IRBC tests? / Yes ☐ No ☐
Have you conducted evaluation of Business Continuity procedures? / Yes ☐ No ☐
Have you completed one internal audit of IRBC? / Yes ☐ No ☐
Have you completed one Management Review after audit completion? / Yes ☐ No ☐
Any other information relevant to your scope of certification / Yes ☐ No ☐
International Standards wishes to thank you for taking the time to complete this form and allowing us to offer you our services.
Please return this application form to ISC via email or fax (as appropriate)