Planning & Implementing ISO 27001

3 Aug

In today’s modern era, security is still a big challenge for organizations of any size unless some form of control is in place. These controls are necessary because information is one of the most valuable assets that a business owns. If you are an IT services provider handling customer information, then you must use security techniques such as an Information Security Management System (ISMS).

What is ISMS?

In layman’s terms, an ISMS is a framework of policies and procedures that includes all the legal, physical and technical controls involved in an organization’s overall information risk management processes. Let us now move to the main focus area of this post, which is planning and implementing ISO 27001.

Planning the Implementation 

Before implementing ISO 27001, one needs to consider the cost of implementation, the duration of the project, and one's understanding of the model. Today, every organization that wants to cut costs without compromising information security looks at ISO 27001 certification as a promising means of providing knowledge about its IT security. The major costs involved in an ISMS can be categorized as:

  • Internal Cost, such as resource cost including HR function, IT function, and support functions.
  • External Cost, such as consultants’ costs; this again would be to minimize the effort required and reduce the cost.
  • Certification Cost, which is one of the costs that cannot be reduced, as there are few companies providing certification and one has to pay the certification cost to the certifying bodies.
  • Implementation Cost, this can be analyzed by gap analysis and risk assessment procedure.

Another question may arise in your mind: how much time is required to complete this certification? On average, four to nine months are required, depending on how mature the organization is in terms of information security and on the size and nature of the organization.

As with any standard practice, ISO 27001 requires a company to establish, implement and maintain a continuous improvement approach to managing its ISMS, and it follows the Plan-Do-Check-Act (PDCA) cycle.


  1. Phase 1—Identify Business Objectives.
  2. Phase 2—Obtain Management Support.
  3. Phase 3—Select the Proper Scope of Implementation.
  4. Phase 4—Define a Method of Risk Assessment.
  5. Phase 5—Prepare an Inventory of Information Assets to Protect, and Rank Assets According to Risk and Classification Based on Risk Assessment.
  6. Phase 6—Manage the Risks, and Create a Risk Treatment Plan.
  7. Phase 7—Set Up Policies and Procedures to Control Risks.
  8. Phase 8—Allocate Resources, and Train the Staff.
  9. Phase 9—Monitor the Implementation of the ISMS.
  10. Phase 10—Prepare for the Certification Audit.
  11. Phase 11—Conduct Periodic Reassessment Audits

Conclusion: The success of ISO 27001 lies in its alignment with the business objectives and its effectiveness in realizing those objectives. IT and other departments/functions play an important role in the implementation phase. An organization also needs a detailed understanding of the PDCA implementation phases.

In the next article in this series, I’ll try to explain each of the phases mentioned in the PDCA cycle and highlight the importance of ISO 27001.

Thanks for reading this article, share your views.

Integrating PayUmoney payment gateway in PHP

10 Jun


Today I am going to explain how you can integrate PayUmoney into your custom PHP-based website. At the initial planning stage, integrating PayUmoney into a website can seem a little confusing to those who do not code regularly, but once you get involved it turns out to be easy. If you have gone through the PayUmoney technical document, you will find that most things are clearly explained and easy to understand.

Here is the step by step guide to integrate PayUmoney payment gateway in your site:

  1. Go to and sign up for a merchant account.
  2. At the time of sign-up you need to use a valid email id.
  3. Then fill in all the required business details. Use these details: PAN no. ABCDE1234F (use your PAN number) and DOB – (dd/mm/yyyy).
  4. Add your bank details. Note that you can add whatever bank name and details you like; use this IFSC – ALLA0212632 in place of the IFSC.
  5. Don’t worry about bank details verification, as this is only your test account.
  6. Once the required steps are completed and your account is live, write an email to the support team ( asking them to activate your account and provide the salt key.
  7. After activation you can get your key: go to Manage Account ⇒ My Account ⇒ Merchant - Key Salt, copy your key and paste it into your code.
  8. After receiving your salt key, you are ready to test the code, which can also be downloaded from the PayUmoney site.

I hope that by following these easy steps you can easily integrate PayUmoney into your website.

Sample Code

You can also download the sample code from


Note: Don’t forget to change the Merchant Key & Salt in the code.


SCORM: Making LMS effective

29 Apr

SCORM is short for Shared Content Object Reference Model. As the name implies, it is a reference model for creating SCOs for web-based training that can be shared among other SCORM-compliant LMSs or content delivery systems.

In simple words, SCORM is a standard to be followed for delivering content; if you follow the standard, your content is a one-time investment.

Advanced Distributed Learning (ADL) is the body that manages the SCORM specification, and it addresses four high-level requirements:

  • Re-usability: The flexibility or ability to incorporate course material in multiple instructions.
  • Interoperability: The ability to take course material developed in one location with one set of tools and platform and use it in another location with a different set of tools and platform.
  • Accessibility: The ability to access and locate course material from one location and deliver it to multiple locations.
  • Durability: This is one of the best I found. It provides the ability to withstand technology changes without redesign or reconfiguration, and hence you can say that it saves a lot of effort and millions of dollars. 🙂

Now that you have a basic understanding of SCORM, let’s quickly move on to its sub-specifications, which will help you understand it in detail.

Basically, SCORM is composed of three sub-specifications, namely:

  1. The Content Aggregation: The Content Aggregation Model is based on XML and specifies how SCORM content should be described and aggregated, which promotes consistent storage, labeling and packaging. This model mainly uses three technologies. The first is the ‘Content Model’, which helps in creating the learning experience and explains how its components can be organised. The second is ‘Metadata’, which describes the nature and purpose of the package. The third is ‘Content Packaging’, the collection of all files required to run the content, which enables learning to be shared between tools and systems.
  2. Run-Time Environment: The Run-Time Environment section is based on JavaScript and specifies how the content communicates with the LMS. It works through APIs that provide a standardized mechanism for communicating with SCOs. The API is responsible for setting and getting information such as score, time limit, etc.
  3. Sequencing & Navigation: Sequencing and Navigation specifies the rules by which a learner can navigate between shared content. SCORM sequencing is generally based on the concept of an activity tree, where rules are attached to each piece of content for sequencing, and navigation defines how learning content events are triggered.

Most things should be clear by now, so let’s quickly move on to the implementation part.

Implementing SCORM with PHP

The first thing to understand is that every implementation varies depending on what you are trying to implement, and you need to determine whether your site is an eLearning site or just a content delivery site. Let us look at an example where you want to build a SCORM player in PHP. You will need:

  • An importer, that reads XML from the imsmanifest.xml file and creates a representation in your system, if needed. The most important thing in this file is to find the “launch point” of the SCORM content.
  • A SCORM engine, in JavaScript, that will communicate with the SCORM content.
  • A database backend, to store what needs to be stored (based on the specification)

The second bullet point mentioned above is the most important and most difficult portion. I have listed the steps for beginners, and I can tell you that implementing SCORM from scratch is difficult, as you need to work with a lot of APIs to connect with different vendors.
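The importer from the first bullet, as an added example that is not part of the original post: it parses imsmanifest.xml, resolves the default organization's first item to its resource, and returns the launch href. Because the manifest comes from an uploaded package, it refuses DTDs and rejects hrefs that would leave the package directory; the function names and the sample manifest are constructed, PHP 7.4+ with the DOM extension is assumed, and xml:base attributes are ignored.

```php
<?php
// Added example. Function names and the sample manifest are constructed for illustration.
// The href comes from an uploaded package: accept only a relative path inside the package.
function assertSafeRelativePath(string $href): void
{
    $path = rawurldecode(preg_split('/[?#]/', $href, 2)[0]);   // path part, percent-decoded
    if ($path === '' || preg_match('#^(/|[a-z][a-z0-9+.\-]*:)#i', $path)  // absolute or scheme
        || strpos($path, '\\') !== false || strpos($path, "\0") !== false
        || in_array('..', explode('/', $path), true)) {                   // directory traversal
        throw new RuntimeException("Unsafe launch href: $href");
    }
}
function findScormLaunchPoint(string $manifestXml): string
{
    libxml_use_internal_errors(true);   // collect parse errors instead of emitting warnings
    $doc = new DOMDocument();
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT is deliberately not set.
    if ($manifestXml === '' || !$doc->loadXML($manifestXml, LIBXML_NONET)) {
        throw new RuntimeException('imsmanifest.xml is not well-formed XML');
    }
    if ($doc->doctype !== null) {       // a manifest needs no DTD; refuse it (XXE, entity bombs)
        throw new RuntimeException('DOCTYPE is not allowed in imsmanifest.xml');
    }
    $xp = new DOMXPath($doc);
    // local-name() keeps the queries independent of the SCORM 1.2 / 2004 namespace URIs.
    $orgs = $xp->query('//*[local-name()="organizations"]')->item(0);
    $default = $orgs instanceof DOMElement ? $orgs->getAttribute('default') : '';
    $org = null;                        // first organization, or the one named as default
    foreach ($xp->query('//*[local-name()="organization"]') as $o) {
        if ($org === null || ($default !== '' && $o->getAttribute('identifier') === $default)) {
            $org = $o;
        }
    }
    $item = $org ? $xp->query('.//*[local-name()="item"][@identifierref]', $org)->item(0) : null;
    if ($item === null) {
        throw new RuntimeException('No launchable item found in the manifest');
    }
    foreach ($xp->query('//*[local-name()="resource"][@href]') as $res) {
        if ($res->getAttribute('identifier') === $item->getAttribute('identifierref')) {
            assertSafeRelativePath($res->getAttribute('href'));
            return $res->getAttribute('href');
        }
    }
    throw new RuntimeException('The item references a resource without an href');
}
// Constructed sample manifest (SCORM 1.2 namespace), not taken from a real course.
$sample = '<manifest xmlns="http://www.imsproject.org/xsd/imscp_rootv1p1p2"><organizations default="O1">'
    . '<organization identifier="O1"><item identifier="I1" identifierref="R1"/></organization>'
    . '</organizations><resources><resource identifier="R1" href="lesson1/index.html"/></resources></manifest>';
echo findScormLaunchPoint($sample), PHP_EOL;
```

Join the returned href to the directory where the package was extracted and resolve it with realpath() before serving, to confirm the result still lies inside that directory.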

You’re always beginning when you are moving forward.

25 Apr

You never fully become a leader. Goals are achieved. Character is pursued. Humility is the most challenging pursuit. Illusive: All character qualities are illusive. Courage, restraint, and love have new expressions in new circumstances. One day’s success is, at best, another day’s platform. Humility of all character qualities is most illusive. Mac Davis mockingly sang, “Oh […]

via Oh Lord it’s Hard to Be Humble — Leadership Freak

Women Use Pinterest, But They Don’t Run It

24 Jul

Product Manager Day 77: More than Requirements

24 Apr

wasabi geek

It’s been a month since we launched a new feature – and last I checked, no one was using it.


Six Reasons to Make a Career Change

10 Dec

A career change is very important for learning new things and finding significant growth. Everyone thinks differently about this, but there are six common reasons to make a career change.
Knowing all the reasons exactly means you can address each one of them directly.
People change jobs for many …
