Expert Advice Community

Guest

Implementing ISO 27001 in a greenfield

  Quote
Guest
Guest user Created:   Nov 26, 2020 Last commented:   Nov 26, 2020

Implementing ISO 27001 in a greenfield

 sincerely hope my email finds you well and safe. Just want to pick your brain about implementing an ISMF in a greenfield site.

1 - What are the key considerations when implementing an ISMF such as the ISO 27001 in a greenfield site – i.e. an organization where there are nothing in terms of security policy or practice. Would we go through the normal workflow of implementing ISO 27001 or are there deviations?

2 - Can you suggest any additional resources I could use for greenfield implementation?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 26, 2020

1 - What are the key considerations when implementing an ISMF such as the ISO 27001 in a greenfield site – i.e. an organization where there are nothing in terms of security policy or practice. Would we go through the normal workflow of implementing ISO 27001 or are there deviations?

ISO 27001 was designed to be implemented in organizations of any size and industry, so the general steps are the same, including a greenfield site. In fact, in some cases, the absence of previous security policies or practices is good because it does not bring undesired behavior and minimizes resistance to change.

Broadly speaking, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:

  • defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
  • development of risk assessment and treatment methodology;
  • perform a risk assessment and define the risk treatment plan;
  • controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
  • people training and awareness;
  • controls operation;
  • performance monitoring and measurement;
  • perform an internal audit;
  • perform management critical review; and
  • address nonconformities, corrective actions, and opportunities for improvement.

To see how documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

This article will provide you a further explanation of ISMS implementation:

2 - Can you suggest any additional resources I could use for greenfield implementation?

These materials will also help you regarding ISO 27001 implementation:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 26, 2020

Nov 26, 2020

Suggested Topics