ISO 27001 implementation
Answer:
Broadly speaking, to implement ISO 27001 an organization has to:
- Obtain top management support
- Define and document a scope based on the needs and expectations of interested parties relevant to information security
- Define, document and communicate an information security policy
- Define roles and responsibilities relevant to operation and management of information security
- Define a risk assessment and treatment methodology
- Define and allocate competencies and resources for the operation and management of information security
- Implement risk assessment and risk treatment
- Operate the security controls and generate the necessary records
- Measure, monitor and evaluate the information security performance
- Implement corrections and improvements
To increase the chances of success, it is important that the persons involved have experience in project management and knowledge of the standard.
Since you stated that you are already using our free materials, as additional guidance, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
With this demo you can see what the mandatory, and most commonly used, documents to implement ISO 27001 look like, and they may give you insights to help with your implementation.
Apr 05, 2019