ISO 27001:2013 Certification
First of all, I would like to congratulate you for your beautiful work, I follow you on your channels and we are partners with Advisera here in Brazil.
We are preparing for ISO 27001:2013 certification, and I would like to ask you a question so that we can be successful in our certification. I need to focus on the mandatory documents and records, as these are the main requirements, and apply the Annex A controls that I use in view of my context and established scope, which are validated in my Statement of Applicability.
My doubt is whether the way we are conducting the implementation process, as mentioned, is correct! A big hug!
Please note that ISO 27001 provides a systematic way to implement Information Security management, and its sequence is a bit different from what you proposed:
- getting management buy-in for the project
- defining the ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and the requirements of interested parties
- development of risk assessment and treatment methodology
- perform a risk assessment and define a risk treatment plan
- controls implementation (e.g., policies and procedures documentation, acquisitions, etc.)
- people training and awareness
- controls operation
- performance monitoring and measurement
- perform internal audit
- perform management critical review
- address nonconformities, corrective actions, and opportunities for improvement.
In short:
- part of the mandatory documents and records are created before risk assessment and treatment processes (e.g., scope, objectives, organizational structure), and the other part after it (e.g., policies and procedures documentation related to implemented controls, internal audit report, management review, etc.)
- controls are implemented after the approval of the Statement of Applicability, not before
This article will provide you with further explanation about ISO 27001 implementation:
- ISO 27001 implementation steps https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Nov 21, 2022