ISO 27001 implementation

Guest user Created:   Jun 10, 2020 Last commented:   Jun 10, 2020

Hi, I'm trying to get a start on implementing ISO 27001 for my approx. 250-person company.

1. In addition to the kit I bought from you, I purchased the standard from ISO... I now realize I should have also bought 27002 so I can get more details on the controls. Is there a package you recommend that has everything I need in it? I'd prefer to get that instead of having to keep asking my CFO for permission for each thing.

2. Also, I've done the foundations course but I am still feeling a little overwhelmed with where to start... I think risk assessment methodology is the place, but not sure.

3. I've started going through the docs and updating them with our company info etc and the roles I expect for certain things but not sure if that is the right thing to start with. Thanks in advance for any direction

Expert
Rhand Leal Jun 10, 2020

1. In addition to the kit I bought from you, I purchased the standard from ISO... I now realize I should have also bought 27002 so I can get more details on the controls. Is there a package you recommend that has everything I need in it? I'd prefer to get that instead of having to keep asking my CFO for permission for each thing.

Please note that our toolkits were designed to consider all elements necessary for certification (e.g., recommendations from ISO 27002 are already included in the templates), and from our experience with our customers all around the world, the toolkit content is all you need to successfully implement the standard. No additional standards are required.

2. Also, I've done the foundations course but I am still feeling a little overwhelmed with where to start... I think risk assessment methodology is the place, but not sure.

The toolkit documents are ordered in the exact sequence you need to follow to implement the standard, so the first document you need to develop is the Procedure for Document and Record Control.

There is a List of Documents file in your toolkit that can show you the order of the documents.

For information, see:

3. I've started going through the docs and updating them with our company info etc and the roles I expect for certain things but not sure if that is the right thing to start with. Thanks in advance for any direction

You need to follow the sequence of documents explained in the previous answer for easier implementation.

It is also important that before working on the documents you see the video tutorials included with the toolkit. They will provide you guidance on filling in the most critical documents, using examples with real data. And the templates contain several comments with guidance and examples on how to fill the documents. You should read them first too.

Additionally, you can count on our support, through email or scheduled meetings, to clarify your doubts regarding the ISO 27001 implementation, as well as to review some of your developed documents, where we will provide comments about how to improve them as necessary.
