LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

ISMS implementation - digital banking sw engineering

  Quote
Guest
Guest user Created:   May 08, 2020 Last commented:   May 08, 2020

ISMS implementation - digital banking sw engineering

As part of a case study I'm working on, I need to describe a plan of action and the expected impact on the SW engineering dept of a digital banking company. The new CISO decided to introduce an ISO27001 ISMS and aims for the certification in 3 years. I have been tasked with implementing this framework in the SW engineering dept.

Can you help me structure the main guidelines and controls I should look at? I can make assumptions of course, but I'm not really sure how to best tackle.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 08, 2020

For the implementation of ISO 27001, after getting support for the project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:

  • defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties
  • development of risk assessment and treatment methodology
  • perform a risk assessment and define the risk treatment plan
  • controls implementation (e.g., policies and procedures documentation, acquisitions, etc.). Considering an SW engineering department, mostly certain, you will need to consider the controls from section A.14 - System acquisition, development, and maintenance
  • people training and awareness
  • controls operation
  • performance monitoring and measurement
  • perform internal audit
  • perform management critical review
  • address nonconformities, corrective actions, and opportunities for improvement.

These articles will provide you a further explanation about ISMS implementation:

These materials will also help you regarding ISO 27001 implementation:

To see how documents for an ISMS looks like, please take a look at our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

May 08, 2020

May 08, 2020