Implementing and verifying items
How is each ITEM implemented, and how is its compliance verified?
I’m assuming you are referring to ISO 27001.
Considering that, to implement ISO 27001, broadly speaking, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:
- define the ISMS basic framework (e.g., scope, objectives, organizational structure) by understanding the organizational context and the requirements of interested parties;
- develop the risk assessment and treatment methodology;
- perform a risk assessment and define the risk treatment plan;
- implement controls (e.g., documentation of policies and procedures, acquisitions, etc.);
- train people and raise awareness;
- operate the controls;
- monitor and measure performance;
- perform an internal audit;
- perform the management critical review; and
- address nonconformities, corrective actions, and opportunities for improvement.
To see what documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/
This article will provide you with a further explanation of ISMS implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
These materials will also help you regarding ISO 27001 implementation:
- How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
How is the compliance of each ITEM verified?
Compliance verification is performed by means of an internal audit. For the preparation for an internal audit you should consider these general steps:
- identification of the audit scope (is it the whole scope or only part of it?);
- review of the ISMS documents related to the audit scope (e.g., policies, procedures, and records), considering the main clauses of the standard (sections 4 to 10) and the Annex A controls stated as applicable in your Statement of Applicability (SoA);
- review of the status of the actions related to the decisions made in the last management review;
- review of the status of the raised nonconformities and opportunities for improvement.
These articles will provide you with a further explanation about the internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/
These materials will also help you regarding internal audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
- Free online training ISO 27001:2013 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/
Mar 10, 2021