Answer: As roles to include in your RACI matrix, you should consider at least:
- Top management / Project Sponsor as Accountable for project decisions
- Project Manager as Responsible for the project overall execution
- Team member as Responsible for tasks / activities execution
- Unit Heads / Process Owners / Interested Parties as Consulted about risk identification and controls to be implemented
- Employees / Users as Informed about project milestones
As steps to be included, you should consider:
1) getting management buy-in for the project;
2) defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational context and requirements of interested parties;
3) development of risk assessment and treatment methodology;
4) perform risk assessment and define risk treatment plan;
5) controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
6) people training and awareness;
7) controls operation;
8) performance monitoring and measurement;
9) perform internal audit;
10) perform management critical review; and
11) address nonconformities, corrective actions and opportunities for improvement.
This article will provide you further explanation about ISMS implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
Apr 16, 2018