Business Case for the implementation of an ISMS

Answer: ISO 27001 does not require development of a business case for ISMS implementation, although the elaboration of such material can be very useful to help you to identify business objectives related to information security and buy in the top management support for this project, and to define top-level objectives for the ISMS (which are mandatory for the standard).

These articles will provide you further explanation about getting top management support:
- How to gain employee buy-in when implementing cybersecurity according to ISO 27001 https://advisera.com/27001academy/blog/2017/07/03/how-to-gain-employee-buy-in-when-implementing-cybersecurity-according-to-iso-27001/
- Top management perspective of information security implementation https://advisera.com/27001academy/blog/2012/12/04/top-management-perspective-of-information-security-implementation/

These materials will also help you regarding top management support:
- Book Secure & Simple: A Small-Business Guide to Implem enting ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/