Expert Advice Community


ISMS Implementation Flow

Guest user Created:   Mar 26, 2021 Last commented:   Mar 26, 2021


I would like to take this opportunity to thank you for your webinar yesterday.


I would request you to please share some ideas/opinions on the ISMS implementation flow mentioned below, in chronological order. Your opinion or suggestion will be a great help for me.




01) Discussion with the top management for implementation of ISMS
02) Planning of awareness programme
03) Definition of scope
04) Discuss & document the statutory & regulatory requirements (security) applicable to the organisation
   4a) Risk identification (HAPPENS IN PARALLEL)
       1) Identification of assets
       2) Risk assessment & treatment plan
   4b) Scope of applicability
       1) Discussion & understanding of the controls & their applicability to the organisation
05) Discuss & document the internal & external issues
06) Define & discuss the interfaces & dependencies within the processes in the organisation
07) Awareness training on ISMS certification across the organisation's staff
08) Define & document applicable ISMS documents, roles & responsibilities
09) Implementation of controls within the organisation
10) Monitor implementation progress
11) Internal audit after implementation
12) Management Review meeting
13) MRM outcome implementations & improvements
14) Preparation for external (certification) audits


Rhand Leal Mar 26, 2021

In a general way, you covered all necessary steps, but the order for an optimized implementation effort would be a bit different.

After getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:
1) defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational context and requirements of interested parties;
2) development of risk assessment and treatment methodology;
3) perform a risk assessment and define the risk treatment plan;
4) controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
5) people training and awareness;
6) controls operation;
7) performance monitoring and measurement;
8) perform internal audit;
9) perform management critical review; and
10) address nonconformities, corrective actions, and opportunities for improvement.

This article will provide you with a further explanation about ISMS implementation:

These materials will also help you regarding ISO 27001 implementation:

To see what documents compliant with ISO 27001 look like, I suggest you take a look at the free demo of our ISO 27001 documentation toolkit at this link:
