Route to implement an ISMS
Good afternoon. I would like to know what the best route is to implement an ISMS in a company in the advertising business in XYZ.
Regardless of the industry, the first step is to obtain management support for information security initiatives, because without this, you won't have the minimal resources and engagement to implement the required controls. Second, you have to establish a systematic approach for the implementation, because you have to coordinate several people to perform dozens of activities, and without a methodology, you will finish inside a huge mess with no security at all. Finally, the start of your journey has to define what you will protect and what you will not, i.e. the information security scope, so you can focus on what really matters.
This general method is applicable to any company:
1.- Obtain management support
2.- Treat it as a project
3.- Define the scope
4.- Write an ISMS Policy
5.- Define the Risk Assessment methodology
6.- Perform the risk assessment & risk treatment
7.- Write the Statement of Applicability
8.- Write the Risk Treatment Plan
9.- Define how to measure the effectiveness of controls
10.- Implement the controls & mandatory procedures
11.- Implement training and awareness programs
12.- Operate the ISMS
13.- Monitor the ISMS
14.- Internal audit
15.- Management review
16.- Corrective and preventive actions
This article will provide you with additional information:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
And this diagram can help you to start the implementation of the standard in your organization “Diagram of ISO 27001:2013 Implementation (PDF)”: https://advisera.com/27001academy/iso-27001-22301-premium-documentation-toolkit/
Finally, these materials will help you to know more about how to implement the standard:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Dec 17, 2019