I am in the product and looking at Project Plan tutorial. The plan looks like a big piece of work and I feel we are past the Plan phase. So my Question is, is the Project Plan actually a requirement of the ISO implementation?
ISO 27001 does not prescribe a project plan for the implementation of ISO 27001, but we strongly recommend companies with more than 50 employees to develop one because ISO 27001 implementation is a complex issue involving various activities, lots of people, lasting several months (or more than a year). If you do not define clearly what is to be done, who is going to do it, and in what time frame (i.e. apply project management), you might as well never finish the job. For smaller ones, it is not really needed.