Questions about ISO 27001 implementation

Guest user. Created: Dec 08, 2020. Last commented: Dec 08, 2020

Thank you for the information provided; we have some questions.

1. Is there any difference between ISO 27001:2013 and ISO 27001:2014? We understood that 2014 was the most current version. We wanted to base our implementation on 2014.

2. We are currently in the Diagnostic stage of our process, to identify the critical factors within the processes. Which templates would be most recommended for this stage?

3. Once the Diagnostic part is finished, our next stage was to carry out the implementation of the ISMS, indicating the necessary controls and monitoring. In this regard, is there any recommendation on which template to start the implementation part with?

We would greatly appreciate any suggestions, or pointers to the information we should review in more depth, so that we can get on the right track.

Expert
Rhand Leal Dec 08, 2020

1. Is there a difference between ISO 27001:2013 and ISO 27001:2014? We understood that 2014 was the most current version. We wanted to base our implementation on 2014.

I’m assuming you are referring to UNE-ISO/IEC 27001:2014.

Considering that, please note that this is the Spanish translation of ISO 27001, released by the UNE Normalización Española, so it contains the same information and content as the international standard. You can use either ISO/IEC 27001:2013 or UNE-ISO/IEC 27001:2014 for your implementation.

2. We are currently in the Diagnostic stage of our process, to see the critical factors within the processes. For this stage, which templates would be most recommended to use?

The beginning of the implementation process involves the identification of organizational context and requirements, and interested parties, so you should consider using the templates in folder 02:

  • 02.1 Appendix 1 List of Legal Regulatory Contractual and Other Requirements
  • 02 Procedure for Identification of Requirements

For further information, see

3. Once the Diagnostic part is finished, our next stage was to carry out the implementation of the ISMS, indicating the necessary controls and monitoring. In this regard, is there any recommendation on which template to start the implementation part with?

Please note that after the definition of organizational context and identification of interested parties, you need to define the ISMS scope, ISMS Policy, and define the risk assessment and risk treatment methodology, before identifying necessary controls.

Considering that, for a streamlined implementation, you should implement the documents in the order they appear in the toolkit.

By the way, included in the toolkit you bought, you have access to a video tutorial that can help you fill in the most critical documents, using real data examples.

These articles will provide you a further explanation about ISO 27001 implementation:

These materials will also help you regarding ISO 27001 implementation:
