Guest user Created: Aug 17, 2017 Last commented: Aug 17, 2017

Definition of implementation for an ISO 27001 project

We are in the planning stages of implementation of ISO27001 and are using Conformio to plan the project. I have a questions about the Free Calculator – Duration of ISO27001/ISO22301 Implementation tool. What does the tool use as a definition of implementation complete? For instance is Risk Assessment complete, procedures written and employees trained the definition of complete? Or does complete also include 3 months of the system in operation or is it ISO certification or some other measure? Would appreciate some additional insight into the definition of project complete

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Aug 17, 2017

Answer: The calculator considers as required time for implementation the performing of at least one cycle of the Information Security Management System, which starts with organization's context understanding (standard's clause 4.1), goes through implementation, operation and control of the system, and finishes with the outputs established in the management review of the system (standard's clause 9.3), covering decisions related to continual improvement opportunities and a ny needs for changes of the information security management system.

Basically, the calculator will tell you the time needed for your company to become ready for the certification.

The 3 months of the system in operation is required by some certification bodies, but not all. Therefore, our calculator did not take this time into account.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 17, 2017

Expert Advice Community