Case Study: Dual ISO Recertification Audit for Integrated Corporate Solutions (Jordan)
Client Background
Client Industry: Internet Services & ICT Solutions
Standards Audited: ISO 20000-1:2018 (IT Service Management) and ISO 27001:2022 (Information Security Management)
Location: Amman, Jordan
Audit Type: Recertification Audit
Conducted by: Certification Body | Popularcert
Audit Dates: 29–30 April 2023
Integrated Corporate Solutions, a technology leader based in Amman, Jordan, provides advanced internet services, ICT infrastructure, hosting, and managed network solutions. With a strong reputation in the Jordanian market, the company supports both corporate and individual clients with a wide range of services including cloud platforms, cybersecurity, and telecom-grade infrastructure.
As part of its long-term commitment to quality and security, the company pursued recertification for two internationally recognized standards:
- ISO 20000-1:2018 for IT Service Management
- ISO 27001:2022 for Information Security Management
These recertifications aimed to reaffirm their service excellence, risk management, and operational maturity.
Project Objective
The objective of this project was to perform a dual recertification audit to:
- Assess ongoing compliance with ISO 20000-1 and ISO 27001 standards.
- Review the effectiveness of the integrated management system.
- Identify strengths and potential improvements across technical, operational, and security processes.
- Provide recommendations on recertification status.
Types Of Certification
- ISO Certification
- ISO 9001 Certification
- ISO 14001 Certification
- ISO 45001 Certification
- ISO 22000 Certification
- ISO 27001 Certification
- ISO 17025 Certification
- ISO 13485 Certification
- CE Mark Certification
- ISO 20000-1 Certification
- GMP Certification
- Halal Certification
- SOC-1 certification
- SOC-2 certification
Get Free Consultation
Our Clients
Audit Scope and Approach
Scope Statement:
“Providing, supplying, installing, operating, maintaining & managing of internet and related services, communication solutions, security, optimization, hosting, multimedia messaging, and integrated technical solutions.”
The audit was conducted in accordance with ISO 19011:2002 guidelines and reviewed multiple departments, including:
- HR & Recruitment
- Procurement
- IT Security
- Sales
- Software Development
- Customer Care
- NOC (Network Operations Center)
- Platform Team
- Datacentre Operations
Auditor interviews, document reviews, walkthroughs of physical sites, and system verifications were carried out over two days.
Key Findings and Observations
The audit identified no major non-conformities, indicating strong system compliance. Numerous good practices (GP) were documented, with some areas highlighted for potential improvement (PI).
HR & Recruitment
- Roles and responsibilities clearly defined and communicated.
- Background checks and NDAs in place.
- Security awareness training conducted regularly.
- Offboarding and asset recovery procedures established.
Procurement
- ERP-based purchase management and vendor approvals in place.
- Warranties maintained for equipment.
- SOPs evidenced for procurement workflows.
- Note: Inventory management transitioning from Excel to cloud-based system (CM).
IT Security
- In-house ISMS training and regular risk assessments.
- VAPT (Vulnerability Assessment & Penetration Testing) handled internally.
- Segregated networks and SIEM analysis in place.
- WAF secured all web applications.
Sales & Customer Engagement
- SLAs clearly maintained and communicated.
- Client data securely managed in ERP.
- Regular client feedback and courtesy visits recorded.
Software Development
- Documented PDLC using reliable technologies (PHP, .NET).
- Manual testing performed; test cases maintained via logs.
- High-level and low-level designs documented.
Customer Care
- Ticketing and escalation procedures documented.
- CSAT (Customer Satisfaction) reports generated.
- Abandoned call monitoring and client updates tracked.
Network Operations Centre (NOC)
- Tickets and media backup procedures in place.
- Training provided on the job.
- Planned outages communicated to customers in advance.
Platform & Datacenter Teams
- SLAs and SOPs updated annually.
- Robust physical and digital security in datacentre.
- Fire barriers, redundant systems, and video surveillance installed.
- Improvement Suggested: Enhance formal policy on secure data destruction.
ISO 27001 Internal Audit Checklist
Recommendations
Although the overall system was strong, the following points were suggested for further strengthening:
- Finalize transition to cloud-based inventory and asset tracking.
- Improve data destruction policy to meet international best practices.
These were classified as Potential Improvements (PI) or Comments (CM) and should be addressed before the next surveillance audit.
Outcome and Certification Status
Based on audit results, the client was recommended for recertification for both ISO 20000-1 and ISO 27001 standards.
This successful recertification reflects:
- Continued maturity in IT service delivery.
- A proactive approach to cybersecurity.
- Commitment to compliance and service excellence.
Business Impact
Achieving dual ISO recertification helped the company:
- Strengthen its market position in Jordan and the wider MENA region.
- Gain the trust of enterprise and government clients.
- Streamline service delivery, risk mitigation, and client support.
- Demonstrate leadership in quality and data protection.
Need ISO Certification Support in Jordan?
Popularcert provides expert consulting and audit support for ISO 27001, ISO 20000, ISO 9001, and other global standards. We help you simplify compliance, implement best practices, and prepare for successful audits.
Contact us for:
- ISO audits and pre-assessments
- Internal auditor training
- Full-cycle certification support
- ITSM and ISMS consulting services
🌐 www.popularcert.com | ✉️ [email protected]
🌍 Serving clients across Jordan, MENA, and beyond
GET A FREE CONSULTATION NOW
FAQ
Why did Integrated Corporate Solutions pursue dual ISO recertification?
They aimed to reaffirm their commitment to IT service quality and information security, ensuring continued compliance with ISO 20000-1:2018 and ISO 27001:2022 to maintain client trust and market competitiveness.
What were the main findings of the audit?
The audit found no major non-conformities, noted several good practices across departments, and highlighted a few areas for improvement such as enhancing the data destruction policy and finalizing the transition to a cloud-based inventory system.
How did Popularcert contribute to the recertification success?
Popularcert facilitated a comprehensive and efficient audit process, helping the client align with both ISO standards through expert guidance, system evaluations, and actionable improvement suggestions.