Questions about ISO 27001 implementation
Thank you for the information provided; we have some questions.
1. Is there any difference between ISO 27001:2013 and ISO 27001:2014? We understood that 2014 was the most current version. We wanted to base our implementation on the 2014 version.
2. We are currently in the Diagnostic stage of our process, to identify the critical factors within the processes. For this stage, which templates would be most advisable to use?
3. Once the Diagnostic part is finished, our next stage was to carry out the implementation of the ISMS, indicating the necessary controls and monitoring. In this regard, is there any recommendation on which template to start the implementation part with?
We would greatly appreciate any suggestion, or an indication of which information to review more thoroughly so we can get on the right track.
1. Is there a difference between ISO 27001:2013 and ISO 27001:2014? We understood that 2014 was the most current version. We wanted to base our implementation on 2014.
I’m assuming you are referring to UNE-ISO/IEC 27001:2014.
Considering that, please note that this is the Spanish translation of ISO 27001, released by the UNE Normalización Española, so it contains the same information and content of the international standard. You can use either ISO/IEC 27001:2013 or UNE-ISO/IEC 27001:2014 for your implementation.
2. We are currently within our process; we are in the Diagnostic stage, to see the critical factors within the processes. For this stage, which templates would be most recommended to use?
The beginning of the implementation process involves the identification of organizational context and requirements, and interested parties, so you should consider using the templates in folder 02:
- 02.1 Appendix 1 List of Legal Regulatory Contractual and Other Requirements
- 02 Procedure for Identification of Requirements
For further information, see
- How to define context of the organization according to ISO 27001
- How to identify interested parties according to ISO 27001 and ISO 22301
- How to identify ISMS requirements of interested parties in ISO 27001
3. Once the Diagnostic part is finished, our next stage was to carry out the implementation of the ISMS, indicating the necessary controls and monitoring. In this regard, is there any recommendation on which template to start the implementation part with?
Please note that after the definition of organizational context and identification of interested parties, you need to define the ISMS scope, ISMS Policy, and define the risk assessment and risk treatment methodology, before identifying necessary controls.
Considering that, for a streamlined implementation, you should implement the documents in the order they appear in the toolkit.
By the way, included in the toolkit you bought, you have access to a video tutorial that can help you fill in the most critical documents, using real data examples.
These articles will provide you with further explanation about ISO 27001 implementation:
- ISO 27001 implementation checklist
- The basic logic of ISO 27001: How does information security work?
These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own
- ISO 27001 free online training: ISO 27001 Foundations Course
- How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand]
Dec 08, 2020