Implementation of ISO 27001 Guidelines
How can I make a guideline to make a timeline for the implementation of ISO 27001?
In a general manner, to determine the time needed to implement ISO 27001 you need to:
- Identify which deliveries you need to make (e.g., policies, procedures, training, assessment, audits, etc.)
- Identify which tasks are required to produce each result (e.g., interview top management, elaborate a policy draft, submit the draft for evaluation, update draft if needed, approve the final version, etc.)
- Identify how much time you need to perform each task
- Identify the sequence in which these tasks should be executed
After the sequencing, you only have to sum the times of the longest sequence to know how much time you will spend to achieve that result. Of course, this is a great simplification of the method, but for small and medium implementations it works well.
To see what a sequence of tasks for ISO 27001 implementation looks like, please take a look at this free material:
- Project checklist for ISO 27001 implementation (MS Word) https://info.advisera.com/27001academy/free-download/project-checklist-for-iso-27001-implementation?
Regarding times, when you consider all the steps as a whole, you can roughly consider that the steps before the risk management will take you ca 10% of the time, risk assessment ca 30% of the time, implementation of controls ca 50% of the time, and final activities (internal audit, management review, corrective actions) ca 10% of the time.
These articles will provide you further information:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How long does it take to implement ISO 27001 / BS 25999? https://advisera.com/27001academy/blog/2011/11/08/how-long-does-it-take-to-implement-iso-27001-bs-25999/ - you should also note that this is the timing that is needed for companies that use our toolkits (e.g., ISO 27001 Documentation Toolkit https://advisera.com/27001academy/iso-27001-documentation-toolkit/)
These materials will also help you regarding ISO 27001 schedule development:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/ This Foundations course will give you the basics about the standard.
For more advanced knowledge I also suggest the Lead Implementer course for details on how to run the project: https://advisera.com/training/iso-27001-lead-implementer-course/
Feb 10, 2021
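The method described in the answer above (list the tasks, estimate each one, sequence them, then sum the longest sequence), as an added Python example that is not part of the original answer. The task names follow the answer's own examples; the durations and dependencies are constructed for illustration.

```python
from graphlib import CycleError, TopologicalSorter

# Constructed sample plan: task -> (duration in working days, prerequisite tasks).
# Names follow the examples in the answer; durations and links are invented.
TASKS = {
    "interview_top_management": (3, []),
    "draft_policy": (5, ["interview_top_management"]),
    "submit_draft_for_evaluation": (2, ["draft_policy"]),
    "update_draft": (2, ["submit_draft_for_evaluation"]),
    "approve_final_version": (1, ["update_draft"]),
    "prepare_training": (4, ["interview_top_management"]),
    "deliver_training": (2, ["prepare_training", "approve_final_version"]),
}

def longest_sequence(tasks):
    """Return (total_days, ordered task names) for the longest dependency chain."""
    for name, (_, deps) in tasks.items():
        missing = [d for d in deps if d not in tasks]
        if missing:
            raise ValueError(f"{name} depends on undefined task(s): {missing}")
    graph = {name: deps for name, (_, deps) in tasks.items()}
    try:
        order = list(TopologicalSorter(graph).static_order())
    except CycleError as exc:
        # A plan where tasks wait on each other can never be scheduled.
        raise ValueError(f"circular dependency: {exc.args[1]}") from exc
    finish = {}  # earliest finish day of each task
    via = {}     # the prerequisite that determines that finish day
    for name in order:
        duration, deps = tasks[name]
        prev = max(deps, key=lambda d: finish[d], default=None)
        finish[name] = duration + (finish[prev] if prev is not None else 0)
        via[name] = prev
    if not finish:
        return 0, []
    last = max(finish, key=finish.get)
    total, chain = finish[last], []
    while last is not None:
        chain.append(last)
        last = via[last]
    return total, chain[::-1]

if __name__ == "__main__":
    days, chain = longest_sequence(TASKS)
    print(f"Estimated duration: {days} working days")
    print(" -> ".join(chain))
```

Tasks off the longest sequence (here the training preparation) can slip without moving the end date until their own chain becomes the longest.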