ISO 27001 implementation phases
(I used the calculator and got: Estimated number of months required for implementation: 10 - However, we would like to know from your experience how much time is estimated for each phase and so we can put together the project plan and give an estimated date to top management.)
Answer: Considering the 10-month period you estimated, a good estimate of each phase's duration is:
Months 1-2: Project planning and elaboration of basic management system documentation (e.g., ISMS scope, information security policy, procedure for documentation control, procedure for internal audit, procedure for risk assessment and treatment, etc.)
Months 2-3: Carrying out the risk assessment and elaboration of the risk treatment plan
Month 4: Information security policies and procedures elaboration
Months 5-8: Implementation, operation and evaluation of policies and procedures (at this point some corrective actions may be required)
Month 9: Internal audit and management review
Month 10: Treatment of internal audit nonconformities and management review decisions
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 03, 2017