Implementation options
Answer: ISO 27001 requires the establishment of responsibilities relevant to information security, but organizations are free to divide them, or not, according to their necessities and perceived risks. So, it is possible to implement ISO 27001 without a division of responsibility in the business, provided that identified unacceptable risks related to not dividing responsibilities are properly treated.
These articles will provide you with further explanation about responsibilities in ISO 27001:
- How to document roles and responsibilities according to ISO 27001 https://advisera.com/27001academy/blog/2016/06/20/how-to-document-roles-and-responsibilities-according-to-iso-27001/
- Roles and responsibilities of top management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/06/09/roles-and-responsibilities-of-top-management-in-iso-27001-and-iso-22301/
These materials will also help you regarding responsibilities in ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
2 - What route to certification do you recommend? How can you help?
Answer: Regarding ISO 27001 implementation, you have three options:
- Implementing with your own employees
- Hiring a consultant
- Implementing by yourself with external support
Each one of them has its advantages and disadvantages, related to time, resources and knowledge. For more information, I suggest the following materials:
- 3 strategic options to implement any ISO standard https://advisera.com/blog/2016/04/11/3-strategic-options-to-implement-any-iso-standard/
- Implementing ISO 27001 with a consultant vs. DIY approach https://info.advisera.com/27001academy/free-download/implementing-iso-27001-with-a-consultant-vs-diy-approach
Advisera is specialized in the third approach. We offer toolkits with templates and expert support, and also free material in the form of articles, papers and webinars, to help you with your implementation project. Please see these materials for more information:
- ISO 27001 Documentation Toolkit https://advisera.com/27001academy/iso-27001-documentation-toolkit/
- How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/
Mar 26, 2018