Preparation to comply with ISO 27001:2018

Please note that ISO 27001:2013 was last reviewed and confirmed in 2019, so the 2013 version remains current, without alterations.

The document released in 2018 was ISO 27000, which is a supporting standard, covering Information Security vocabulary.

Regarding preparation for ISO 27001 compliance, after getting support for your project (normally through approval of an ISMS project plan) and approval of a Procedure for Document and Record Control, you should consider these steps:

1. defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties;
2. development of risk assessment and treatment methodology;
3. perform a risk assessment and define the risk treatment plan;
4.  controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
5. people training and awareness;
6. controls operation;
7. performance monitoring and measurement;
8. perform an internal audit;
9. perform management critical review; and
10. address nonconformities, corrective actions, and opportunities for improvement.

This article will provide you a further explanation about ISMS implementation:

• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

To see how documents compliant with ISO 27001 looks like, I suggest you take a look at our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

These materials will also help you regarding ISO 27001 implementation:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• ISO 27001:2013 Foundations Course https://advisera.com/training/iso-27001-foundations-course/