Improving an information security program
Answer: Considering that your audit was based on ISO 27001, the first thing you should do is consider the results of your audit against the results of your risk assessment (if you did not perform a risk assessment, this is a good moment to do that). By doing that you can identify and prioritize which controls to work on first based on the quantity or relevance of the risks affected by them.
Once you have identified which controls to treat first, you should:
- define objectives to be achieved (based on already existent goals or on new defined goals);
- analyse the situation of each control, to identify what should be done (eliminate root causes for the problems, or implement potential improvements);
- define action plans to establish resources, deadlines and responsible persons for each action that will be implemented.
This article will provide you further explanation about implementing improvements:
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
These materials will also help you regarding implementing improvements:
- Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jan 09, 2018