
Expert Advice Community

Critical success factors for the implementation of the Standard

Created: Sep 01, 2020. Last commented: Sep 01, 2020.


What are the critical success factors for the implementation of the Standard? According to experience, what is the average time for an SME to implement the Standard? What structure must be created to implement and maintain the Standard in the company? Is it important to work on a change management plan for the implementation to be a success?

Expert
Rhand Leal Sep 01, 2020

1 - What are the critical success factors for the implementation of the Standard?

Answer: Some common main success factors to ensure ISO 27001 implementation are:
- top management support
- clear objectives (aligned with business objectives)
- clear roles and responsibilities
- trained personnel
- regular performance review

These articles will provide you with further explanation of some success factors:
- 4 crucial techniques for convincing your top management about ISO 27001 implementation https://advisera.com/27001academy/blog/2016/09/12/4-crucial-techniques-for-convincing-your-top-management-about-iso27001-implementation/
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/

2 - According to experience, how long is the average time for an SME to implement the Standard?

Answer: The time to implement ISO 27001 will depend on many variables, like the size of the organization, the complexity of the scope, the resources available, etc., but in general, for small-sized organizations (e.g. 20 to 50 employees) the implementation duration is ca 6 months.

To have an estimate based on your organization context, I suggest you take a look at our free ISO 27001/ISO 22301 Implementation Duration Calculator at this link: https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/

This article will help you:
- How long does it take to implement ISO 27001 https://advisera.com/27001academy/blog/2011/11/08/how-long-does-it-take-to-implement-iso-27001-bs-25999/

3 - What is the structure that must be created to implement and maintain the Standard in the company?

Answer: To implement the standard you should consider a project structure. This article can be useful for you: “ISO 27001 implementation checklist” https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

This article will provide you with further explanation of information security organization:
- How to maintain the ISMS after the certification https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/

These materials will also help you regarding information security organization:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

4 - Is it important to work on a change management plan for the implementation to be a success?

Answer: Integrating information security into business processes and culture can be a big challenge, and many things can go wrong, so it is highly recommended that a change management approach be adopted, to ensure that risks related to ISO 27001 implementation are properly managed, and implementation goes forward only when authorized by the proper personnel.

This material can provide further information:
- Seven key problems to avoid in ISO 27001 implementation [free webinar on demand] https://advisera.com/27001academy/webinar/seven-key-problems-to-avoid-in-iso-27001-implementation-free-webinar-on-demand/
