Short way to get certified as ISO 27001 and 27002

First is important to note that only ISO 27001 is a certifiable standard. ISO 27002 is a support standard which provides guidance and recommendations for implementation of controls from ISO 27001 Annex A.

Considering that, in a general way, after getting support for the certification (through approval of an ISO 27001 certification project plan) and approval of the Procedure for Document and Record Control, you should consider these for implementation:

1. defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding organizational context and requirements of interested parties;
2. development of risk assessment and treatment methodology;
3. perform a risk assessment and define the risk treatment plan;
4. controls implementation (e.g., policies and procedures documentation, acquisitions, etc.);
5. people training and awareness;
6. controls operation;
7. performance monitoring and measurement;
8. perform internal audit;
9. perform management critical review; and
10. address nonconformities, corrective actions, and opportunities for improvement.

This article will provide you a further explanation about ISMS implementation:

• ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

To see how documents compliant with ISO 27001 looks like, I suggest you take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

As for the shortest way to get ISO 27001 certified, it would involve hiring a consultant, because this approach will rapidly provide the knowledge, expertise, and methods to implement the standard, although it is the most expensive approach.

Other approaches that can be adopted are implementing the standard using your own employees (the cheapest and longest way), and implementing the standard with a DIY approach and using external know-how (a mid-term approach).

These articles will provide you a further explanation about implementation approaches:

• 3 strategic options to implement any ISO standard https://advisera.com/blog/2016/04/11/3-strategic-options-to-implement-any-iso-standard/
• 5 criteria for choosing an ISO 22301 / ISO 27001 consultant https://advisera.com/27001academy/blog/2013/03/25/5-criteria-for-choosing-a-iso-22301-iso-27001-consultant/
• Do you really need a consultant for ISO 27001 / BS 25999 implementation? https://advisera.com/27001academy/blog/2011/12/06/do-you-really-need-a-consultant-for-iso-27001-bs-25999-implementation/

These materials will also help you regarding ISO 27001 implementation:

• Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
• How to use a Documentation Toolkit for the implementation of ISO 27001 / ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-27001-free-webinar-on-demand/