Defining an ISO 27001 implementation project

Guest user Created:   Nov 02, 2018 Last commented:   Nov 02, 2018

I was told that you are the main expert on the ISO documentation. My organization wants to put a project plan together on filling all of this out and we’re wondering if you have estimated timelines that it takes to perform the various activities. Obviously every organization is different but general guidelines would be good to help us with staff scheduling.

Expert
Rhand Leal Nov 02, 2018

Answer:

In a general manner, to determine the time needed for each step individually you need to:
1 – Identify which result you have to deliver (e.g., information security policy)
2 – Identify which tasks are required to produce that result (e.g., interview top management, elaborate a policy draft, submit draft for evaluation, update draft if needed, approve final version, etc.)
3 – Identify how much time you need to perform each task
4 – Identify the sequence in which the tasks should be executed

After the sequencing you only have to sum the times of the longest sequence to know how much time you will spend to achieve that result. Of course this is a great simplification of the method, but for small and medium implementations it works well.

When you consider all the steps as a whole, you can roughly consider that the steps before the risk management will take you ca 10% of the time, risk assessment ca 30% of the time, implementation of controls ca 50% of the time, and final activities (internal audit, management review, corrective actions) ca 10% of the time.

Included with the toolkit you bought, you have access to the Conformio platform, where you'll find the ISO 27001 Step-by-step guide, which can also help you.

To get an estimated duration of the whole project you can use our Duration calculator at this link: https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/

These materials will also help you regarding ISO 27001 schedule development:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/ This Foundations course will give you the basics about the standard.

For more advanced knowledge I also suggest the Lead Implementer course for details on how to run the project: https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-lead-implementer-course/