LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Responsibilities in ISMS implementation

  Quote
Guest
Guest user Created:   Jan 18, 2019 Last commented:   Jan 23, 2019

Responsibilities in ISMS implementation

I work as a team lead. I want to know about my responsibilities in ISMS implementation, what are the documents I shall submit for audit, what type of questions they may ask. How do I represent development team in audit.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic Jan 18, 2019

Answer: The best way to organize your job is to define clear steps in your implementation project. These materials will help you:
- ISO 27001 implementation checklist: https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
- ISO 27001 Foundations Course: https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 0
Expert
Rhand Leal Jan 23, 2019
We've received additional question:

>Only development procedure is assigned to me, I should take care about development part. What are the documents are required for this. How do I implement & represent only technical development team?

Answer: If I understood correctly, you are not the project manager responsible for the ISMS implementation, but responsible only for the part regarding the development team.

Considering that, and the previous answer, after performing the risk assessment of your development process, you most probably should consider these documents:
- Secure Development Policy - https://advisera.com/27001academy/documentation/secure-development-policy/
- Specification of Information System Requirement - https://advisera.com/27001academy/documentation/specification-of-information-system-requirements/

The links will show you how these documents look like.

These documents cover how do you ensure development is performed in a secure way and the evidences you need to show to the auditor, considering ISO 27001 requirements.

This article will provide you add itional information:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/blog/2017/01/24/how-to-integrate-iso-27001-a-14-controls-into-the-system-software-development-life-cycle-sdlc/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 18, 2019

Jan 23, 2019

Suggested Topics

Guest user Created:   Mar 26, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISMS Implementation Flow

Guest user Created:   Sep 21, 2021 ISO 27001 & 22301
Replies: 1
0 0

Conformio questions

Guest user Created:   Jun 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

Implementation questions