Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

Critical success factors for the implementation of the Standard

  Quote
Guest
Guest user Created:   Sep 01, 2020 Last commented:   Sep 01, 2020

Critical success factors for the implementation of the Standard

 Cuales son los factores criticos de exito para la implementacion de la Norma?
Segun la experiencia cuanto es el tiempo promedio para una PYME en implementar la Norma?
Cual es la estructura que debe crearse para implementar, mantener la Norma en la empresa
Es importante trabajar un plan de manejo del cambio para que sea un exito la implementacion?

(What are the critical success factors for the implementation of the Standard?
According to experience, how long is the average time for an SME to implement the Standard?
What is the structure that must be created to implement, maintain the Standard in the company
Is it important to work on a change management plan for the implementation to be a success?)

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 01, 2020

 1 - What are the critical success factors for the implementation of the Standard?

Answer: Some common main success factors to ensure ISO 27001 implementation are:
- top management support
- clear objectives (aligned with business objectives)
- clear roles and responsibilities
- trained personnel
- regular performance review

These articles will provide you a further explanation about some success factors:
- 4 crucial techniques for convincing your top management about ISO 27001 implementation https://advisera.com/27001academy/blog/2016/09/12/4-crucial-techniques-for-convincing-your-top-management-about-iso27001-implementation/
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/

2 - According to experience, how long is the average time for an SME to implement the Standard?

Answer: The time to implement ISO 27001 will depend on many variables, like the size of the organization, the complexity of the scope, the resources available, etc., but in general, for small-sized organizations (e.g. 20 to 50 employees) the implementation duration is ca 6 months.

To have an estimate based on your organization context, I suggest you take a look at our free ISO 27001/ISO 22301 Implementation Duration Calculator at this link: https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/

This article will help you: 
-How long does it take to implement ISO 27001 https://advisera.com/27001academy/blog/2011/11/08/how-long-does-it-take-to-implement-iso-27001-bs-25999/

3 - What is the structure that must be created to implement, maintain the Standard in the company

Answer: To implement the standard you should consider a project structure, this article can be useful for you “ISO 27001 implementation checklist”: https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

 This article will provide you a further explanation about information security organization:
- How to maintain the ISMS after the certification https://advisera.com/27001academy/blog/2014/07/14/how-to-maintain-the-isms-after-the-certification/

 These materials will also help you regarding information security organization:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/

4 - Is it important to work on a change management plan for the implementation to be a success?

Answer: Integrating information security into business processes and culture can be a big challenge, and many things can go wrong, so it is highly recommended that a change management approach be adopted, to ensure that risks related to ISO 27001 implementation are properly managed, and implementation goes forward only when authorized by the proper personnel.

This material can provide further information:
- Seven key problems to avoid in ISO 27001 implementation [free webinar on demand] https://advisera.com/27001academy/webinar/seven-key-problems-to-avoid-in-iso-27001-implementation-free-webinar-on-demand/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 31, 2020

Aug 31, 2020

Suggested Topics

Guest user Created:   Sep 23, 2021 ISO 27001 & 22301
Replies: 3
0 0

ISO 27001 implementation

Guest user Created:   Sep 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISO27001 Implementation

Guest user Created:   Sep 11, 2021 ISO 27001 & 22301
Replies: 1
0 0

Implementation process