ISO 27001 implementation
1. He esquematizado como iniciar partiendo de 4 pilares: Políticas de seguridad (tenemos, hay que mejorarlas), Análisis de Riesgo tenemos uno que trabajamos con el equipo de Análisis de Riesgo Tecnológico, Estructura de Seguridad – trabajamos con 2 secciones, una seguridad operativa en el área de TI y otra en Riesgo, y un Plan estratégico que hoy día está fundamentado en mejora continua de lo que se tiene y la implementación del SGSI.
2. De la información que tengo de los trabajo realizados identifico 5 procesos críticos (basados en el BIA) y quiero iniciar con el más crítico para proceder con la implementación del SGSI.
Derivado de este que le comparto quiero consultarle cual sería la mejor forma de iniciar: con que documentación de referencia? Reunirme directo con el área dueña del proceso y presentar lo que necesitamos para que nos pueda brindar el apoyo en tiempo equipo cuando sea necesario?
Debido a que sería mi primera implementac ión y que estoy solo en esta gestión le pido su recomendación.
(I would like to consult you about the implementation activities of the ISMS based on ISO27001:
1. I have outlined how to start starting from 4 pillars: Security policies (we have, but we have to improve them), Risk Analysis (we have one that we work with the team of Technological Risk Analysis), Security Structure (we work with 2 sections, an operational security In the area of IT and another in Risk), and a Strategic Plan that today is based on continuous improvement of what we have and the implementation of the ISMS.
2. From the information I have of the work I have done I identify 5 critical processes (based on the BIA) and I want to start with the most critical one to proceed with the implementation of the ISMS.
Derived from this that I share I want to consult you what would be the best way to start: with what reference documentation? Meet directly with the area that owns the process and present what we need so that they can provide the support in team and time when necessary?
Because it would be my first implementation and I am alone in this management I ask for your recommendation.)
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
First thing I suggest you is to build a project plan and a project presentation, so you can get all this information you already have and make them available for a quick presentation if needed. The second point is that even if you already have management support (your implementation is already considered in strategic plan), you should approach processes owners asking them to validate your BIA, so you both are aligned regarding what is considered important in terms of information security, and only after that you should ask them for resources. This way you work on their needs first and yours will be easier to gain.
Regarding on which process you should start, this will depend on the resources you will have available (both in terms of quantity and competence) and your organizations priorities.
This article will provide you further explanation about ISO 27001 implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/es/knowledgebase/lista-de-apoyo-para-implementacion-de-iso-27001/
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/seguro-simple-una-guia-para-la-pequena-empresa-para-la-implementacion-de-la-iso-27001-con-medios-propios/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Apr 19, 2017