Merging IT Infrastructure and ISO 27001
To ensure your organization remains compliant with ISO 27001 during this merger, you should treat the merger as an implementation project with some adjustments:
1) review the basic ISMS framework (e.g., scope, objectives, organizational structure), considering the merged organizational context and requirements of interested parties;
2) review the risk assessment and treatment methodologies, to see which elements can be merged and which ones need to be kept separate;
3) review the risk assessment and define the updated risk treatment plan;
4) adjust implemented controls when necessary (e.g., policies and procedures documentation, acquisitions, etc.), and implement new controls required due to the new merged context;
5) people training and awareness;
6) controls operation;
7) performance monitoring and measurement;
8) perform internal audit;
9) perform management critical review; and
10) address nonconformities, corrective actions, and opportunities for improvement.
These articles will provide you with additional information:
- Three strategies for ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/#options
- ISO 27001 implementation steps https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Jul 04, 2022