Expert Advice Community

ISO 27001 implementation project

Guest user Created: Nov 16, 2018 Last commented: Nov 16, 2018

I would like to understand how best to start a project to obtain ISO 27001 audit and certification for our company? We are also evaluating ISO 27001 vs HITRUST certification.
Expert
Rhand Leal Nov 16, 2018

Answer:

Broadly speaking, to implement ISO 27001 an organization has to:
- Obtain top management support
- Define and document a scope based on the needs and expectations of interested parties relevant to information security
- Define, document and communicate an information security policy
- Define roles and responsibilities relevant to operation and management of information security
- Define a risk assessment and treatment methodology
- Define and allocate competencies and resources for the operation and management of information security
- Implement risk assessment and risk treatment
- Operate the security controls and generate the necessary records
- Measure, monitor and evaluate the information security performance
- Implement corrections and improvements

To increase chances of success, it is important that persons involved have experience in project management and knowledge of the standard.

These articles will provide you further explanation about ISO 27001:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- Who should be your project manager for ISO 27001/ISO 22301? https://advisera.com/27001academy/blog/2014/12/01/who-should-be-your-project-manager-for-iso-27001-iso-22301/

Regarding ISO 27001 and HITRUST, the first involves the implementation of a high level information security management system, while the second involves detailed requirements and controls for the secure creation, access, storage and exchange of sensitive and/or regulated data. So you can use ISO 27001 framework to support HITRUST controls implementation, maintenance and improvement. For more information, please access this link: https://hitrustalliance.net/frequently-asked/1/en/topic/since-iso-iec-provides-an-internationally-recognized-information-security-standard-can-i-use-my-iso-27001-certification-to-satisfy-customer-and-business-partner-requirements-for-a-hitrust-csf-validated-or-certified-report
