Case Study: Dual ISO Recertification Audit for Integrated Corporate Solutions (Jordan)

The audit identified no major non-conformities, indicating strong system compliance. Numerous good practices (GP) were documented, with some areas highlighted for potential improvement (PI).

HR & Recruitment

• Roles and responsibilities clearly defined and communicated.
• Background checks and NDAs in place.
• Security awareness training conducted regularly.
• Offboarding and asset recovery procedures established.

Procurement

• ERP-based purchase management and vendor approvals in place.
• Warranties maintained for equipment.
• SOPs evidenced for procurement workflows.
• Note: Inventory management transitioning from Excel to cloud-based system (CM).

IT Security

• In-house ISMS training and regular risk assessments.
• VAPT (Vulnerability Assessment & Penetration Testing) handled internally.
• Segregated networks and SIEM analysis in place.
• WAF secured all web applications.

Sales & Customer Engagement

• SLAs clearly maintained and communicated.
• Client data securely managed in ERP.
• Regular client feedback and courtesy visits recorded.

Software Development

• Documented PDLC using reliable technologies (PHP, .NET).
• Manual testing performed; test cases maintained via logs.
• High-level and low-level designs documented.

Customer Care

• Ticketing and escalation procedures documented.
• CSAT (Customer Satisfaction) reports generated.
• Abandoned call monitoring and client updates tracked.

Network Operations Centre (NOC)

• Tickets and media backup procedures in place.
• Training provided on the job.
• Planned outages communicated to customers in advance.

Platform & Datacenter Teams

• SLAs and SOPs updated annually.
• Robust physical and digital security in the datacentre.
• Fire barriers, redundant systems, and video surveillance installed.
• Improvement Suggested: Enhance formal policy on secure data destruction.