Expert Advice Community

ISMS Implementation Flow

Guest
Guest user Created:   Mar 26, 2021 Last commented:   Mar 26, 2021

I would like to take this opportunity to thank you for your webinar yesterday.
I would request you to please share some ideas / opinion on the below mentioned ISMS implementation flow in chronological order. Your opinion or suggestion will be a great help for me.
STEPS INVOLVED IN ISMS IMPLEMENTATION
01) Discussion with the top management for implementation of ISMS

02) Planning of awareness programme

03) Define scope

04) Discuss & document the statutory & regulatory requirements (security) applicable to organisation

   4a) Risk identification (HAPPENS PARALLEL)

       1) Identification of assets

       2) Risk assessment & treatment plan

   4b) Scope of applicability

       1) Discussion & Understanding of the controls & applicability to organisation

05) Discuss & document the internal & external issues

06) Define & discuss the interfaces & dependencies within the processes in the organisation

07) Awareness training on ISMS certification across the organisation staff

08) Define & document applicable ISMS documents, roles & responsibilities

09) Implementation of controls within the organisation

10) Monitor implementation progress

11) Internal Audit after implementation

12) Management Review meeting

13) MRM outcome implementations & improvements

14) Preparation for external (certification) Audits

Expert
Rhand Leal Mar 26, 2021

In a general way, you covered all necessary steps, but the order for an optimized implementation effort would be a bit different.

After getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:
1) defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational context and requirements of interested parties;
2) development of risk assessment and treatment methodology;
3) perform a risk assessment and define the risk treatment plan;
4) controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
5) people training and awareness;
6) controls operation;
7) performance monitoring and measurement;
8) perform internal audit;
9) perform management critical review; and
10) address nonconformities, corrective actions, and opportunities for improvement.

This article will provide you with a further explanation about ISMS implementation:

These materials will also help you regarding ISO 27001 implementation:

To see what documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 documentation toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
