Expert Advice Community

Records required in an IT project

Guest user | Created: Jul 30, 2017 | Last commented: Jul 30, 2017

What information needs to be stored for audits for an IT project? My project has functions like register, login, logout, and messaging.

Expert
Rhand Leal Jul 30, 2017

Answer: The information to be stored will depend on the results of risk assessments, applicable legal and contractual requirements, and any other decision made by the organization regarding the project. Applying information security in project management is like implementing a small and simplified version of an ISMS in the scope of the project.

There are many similarities with implementing an ISMS that you can use to drive the implementation of information security in project management:
1 – You have to define information security objectives and include them in the project objectives, the same way you define information security objectives for an ISMS aligned with the organization's objectives; the only difference is that these objectives are restricted to the scope of the project.
2 – You have to perform at the beginning, and periodically, information risk assessments in the project, like you would do with other business processes, to identify necessary controls.
3 – You have to ensure that information security practices are part of all phases of the project (e.g., from the issue of the project charter to project closing).

In short, you can think of the inclusion of information security in project management as if you are going to implement a small ISMS that will fit the project's needs and be proportional to the project's lifetime and budget.

This article will provide you further explanation about information security in project management:
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/

These materials will also help you regarding information security in project management:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
