Expert Advice Community

Implementation steps

Guest user Created:   Jul 26, 2017 Last commented:   Jul 26, 2017

We prepare the mandatory documentation required by the standard, do a documentation review of whether policies are implemented, and now we have a risk assessment and risk treatment plan. My question is: what is the next step after this?

Expert
Rhand Leal Jul 26, 2017

Answer: For ISO 27001 implementation, after the risk treatment plan you should consider:

- Definition of how to measure the effectiveness of controls
- Implement the controls & mandatory procedures (not only documentation, but also technical and physical controls)
- Implement training and awareness programs
- Operate and monitor the system
- Perform internal audit and management review
- Implement corrective and preventive actions as needed

This article will provide you with further explanation about implementation steps:
- ISO 27001 implementation checklist: https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

These materials will also help you regarding implementation steps:
- Book: Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own: https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training: ISO 27001 Foundations Course: https://advisera.com/training/iso-27001-foundations-course/
