How to use ISO 27001 in the hospital

ISO 27001 was designed to be implemented in organizations of any size and industry, and broadly speaking, these are the general steps to implement it on any organization:

1. get support for your project (through approval of the ISMS project plan);
2. develop the Procedure for Document and Record Control:
3. define the ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
4. develop risk assessment and treatment methodology;
5. perform a risk assessment and define the risk treatment plan;
6. controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
7. people training and awareness;
8. controls operation;
9. performance monitoring and measurement;
10. perform an internal audit;
11. perform management critical review; and
12. address nonconformities, corrective actions, and opportunities for improvement.

Regarding ISO 27001 implementation approaches, you have three options:

• Implementing with your own employees (in general the cheapest and longest)
• Hiring a consultant (in general the costliest and fastest)
• Implementing by yourself with external support (a balanced solution)

Each one of them has its advantages and disadvantages, related to time, resources, and knowledge. For more information, I suggest the following materials:

• 3 strategic options to implement any ISO standard https://advisera.com/blog/2016/04/11/3-strategic-options-to-implement-any-iso-standard/
• Implementing ISO 27001 with a consultant vs. DIY approach https://info.advisera.com/27001academy/free-download/implementing-iso-27001-with-a-consultant-vs-diy-approach

Advisera is specialized in the third approach. We offer toolkits with templates and expert support, and also free material in the form of articles, papers, and webinars, to help you with your implementation project. Please see these materials for more information:

• ISO 27001 Documentation Toolkit https://advisera.com/27001academy/iso-27001-documentation-toolkit/
• How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/

This article will provide you a further explanation about ISMS implementation:

• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

These materials will also help you regarding ISO 27001 implementation:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/