
Expert Advice Community

ISO 27001 implementation

Guest user | Created: Dec 08, 2016 | Last commented: Dec 08, 2016


1) What to expect from consultants who help us implement ISO 27001?



Expert
Rhand Leal Dec 08, 2016

Answer: The best help you can expect from consultants is the experience they have with situations regarding ISO 27001 implementation, which will be reflected in less time needed for the implementation and less rework regarding the choice of control alternatives.

These articles will provide you further explanation about consultants:
- 5 criteria for choosing an ISO 22301 / ISO 27001 consultant https://advisera.com/27001academy/blog/2013/03/25/5-criteria-for-choosing-a-iso-22301-iso-27001-consultant/
- Do you really need a consultant for ISO 27001 / BS 25999 implementation? https://advisera.com/27001academy/blog/2011/12/06/do-you-really-need-a-consultant-for-iso-27001-bs-25999-implementation/

2) How to perform internal audits?

Answer: Internal audits are not so different from certification audits. You have to perform a compliance verification of the documentation, regarding compliance with the ISO 27001 standard and other relevant requirements defined by the organization, and verify evidence that the required processes and controls are implemented and delivering the expected results. From this information you will conclude on the compliance of the audited process and identify nonconformities to be treated.

These articles will provide you further explanation about internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- Qualifications for an ISO 27001 Internal Auditor https://advisera.com/27001academy/blog/2015/03/30/qualifications-for-an-iso-27001-internal-auditor/

3) How to know if we are building the right system and not just certificate compliance?

Answer: To build a system that will add value to an organization, you must ensure its alignment with the main organizational concerns about information security, as well as the concerns of other interested parties (e.g., customers, suppliers, workforce, etc.). You can evidence this alignment through the system's scope and objectives.

These articles will provide you further explanation about aligning ISMS and organization:
- Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/

4) Time planning needed when we as the client support the consultant in ISMS implementation.

Answer: Talking about time planning is a bit complicated, because every implementation is unique in terms of its scope and the resources available. It is more convenient to plan considering the deliverables a consultant has to deliver to ensure a successful implementation, such as procedures, policies, controls and training.

These articles will provide you further explanation about ISMS implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- ISO 27001 project management: Implementing complex security controls using Work Breakdown Structure (WBS) https://advisera.com/27001academy/blog/2015/10/19/iso-27001-project-management-implementing-complex-security-controls-using-work-breakdown-structure-wbs/
- 3 phases of delivering an ISO 27001/ISO 22301 consulting job https://advisera.com/27001academy/blog/2015/09/28/3-phases-of-delivering-an-iso-27001iso-22301-consulting-job/

These materials will also help you regarding ISMS implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
