Expert Advice Community

ISO 27001 and massive companies

Guest user. Created: Apr 06, 2016. Last commented: Apr 06, 2016

I am trying to find a solution to documenting new procedures and policies for a massive company, in particular the risk department. At the moment there is nothing in place whatsoever, so I will have to work from the beginning on what is happening and where the shortfalls are, in order to find improvements which are documented. I need to start from scratch.

Antonio Jose Segovia Apr 06, 2016

Answer:
We have all necessary documents for the implementation of ISO 27001:2013, but our templates are mainly developed for small and medium companies. Those documents can be used by large companies, but they would need to be made more complex - for example, in our Risk assessment methodology we use the assessment scales of Low-Medium-High, whereas you could use the scales of 1 to 5; we assess impact and likelihood, while you could choose to assess separately the impact on confidentiality, integrity and availability, as well as vulnerabilities and threats.

Anyway, remember that ISO 27001:2013 establishes a number of specific documents which are mandatory, and you need to have them independently of the size of your company. Here you can see a list of these mandatory documents “List of mandatory documents required by ISO 27001 (2013 revision)” : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

Another important thing for the implementation of ISO 27001 in any company, so I think that it can also be useful for you, is to see it as a project, so this article can also be interesting for you “ISO 27001 project – How to make it work” : https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/

For the implementation, you can also use our approach based on 16 steps, so please see this “ISO 27001 implementation checklist” : https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

And you can also write your own methodology of risk management with the help of this article “How to write ISO 27001 risk assessment methodology” : https://advisera.com/27001academy/knowledgebase/write-iso-27001-risk-assessment-methodology/

Finally, our online course can be interesting for you to learn more about the implementation of ISO 27001 “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/
