Guide for the implementation of ISO 27001
Assign topic to the user
Answer:
Of course! We have an easy method to implement the standard, composed by 16 steps. This method is applicable for any company, including a medium size insurance company:
1.- Obtain management support
2.- Treat is as a project
3.- Define the scope
4.- Write an ISMS Policy
5.- Define the Risk Assessment methodology
6.- Perform the risk assessment & risk treatment
7.- Write the Statement of Applicability
8.- Write the Risk Treatment Plan
9.- Define how to measure the effectiveness of controls
10.- Implement the controls & mandatory procedures
11.- Implement training and awareness programs
12.- Operate the ISMS
13.- Monitor the ISMS
14.- Internal audit
15.- Management review
16.- Corrective and preventive actions
For more information about these steps, please read this article “ISO 27001 implementation checklist” : https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
And this diagram can help you to start the implementation of the standard in your organization “Diagram of ISO 27001:2013 Implementation (PDF)” : https://advisera.com/27001academy/iso-management/begin-the-implementation/
Finally, these materials will help you to know more about how to implement the standard:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Comment as guest or Sign in
Oct 05, 2016