Take the ISO 27001 course exam and get the EU GDPR course exam for free

Expert Advice Community


Implementing and verifying items

Guest user Created:   Mar 10, 2021 Last commented:   Mar 10, 2021

Implementing and verifying items

Cómo se implementa y cómo se verifica el cumplimieNto de cada ITEM?

0 0

Assign topic to the user


Step-by-step implementation for smaller companies.


Step-by-step implementation for smaller companies.

Rhand Leal Mar 10, 2021

I’m assuming you are referring to ISO 27001.

Considering that, to implement ISO 27001, broadly speaking, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:

  • defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
  • development of risk assessment and treatment methodology;
  • perform a risk assessment and define the risk treatment plan;
  • controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
  • people training and awareness;
  • controls operation;
  • performance monitoring and measurement;
  • perform an internal audit;
  • perform management critical review; and
  • address nonconformities, corrective actions, and opportunities for improvement.

To see how documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

This article will provide you a further explanation of ISMS implementation:

These materials will also help you regarding ISO 27001 implementation:

How is the compliance of each ITEM verified?

Compliance verification is performed by means of an internal audit. For the preparation for an internal audit you should consider these general steps:

  • identification of the audit scope (is it the whole scope or only part of it?)
  • review of the ISMS documents related to the audit scope (e.g., policies, procedures, and records), considering the main clauses from the standard (from sections 4 to 10), and controls from Annex A stated as applicable in your Statement of Applicability (SoA). 
  • review the status of the actions related to the decisions made in the last management review.
  • review the status of the raised nonconformities and opportunities for improvement.

These articles will provide you a further explanation about internal audit:

These materials will also help you regarding internal audit:

0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 10, 2021

Mar 10, 2021