Support regarding ISO 27001:2022

Guest user Created:   Feb 10, 2023 Last commented:   Feb 10, 2023


I'm unclear on a few things in the overall ISO process (I have sent a separate email on the auditing process, but having reviewed the rest of the process, I'm still unsure).

Essentially, I get stuck once we get to the point in the project checklist where the procedure for corrective action needs to be written.

Is the idea at this point to roll out the ISMS we have developed, then give the process some time to settle before determining what the nonconformities are, and therefore be able to perform the audit, perform the corrective actions determined as part of the audit, and then complete the management review?

If so, how much time do you suggest is given to operate the ISMS?


Expert
Rhand Leal Feb 10, 2023

Your understanding of the sequence of implementation is correct.

Please note that nonconformities can be identified either by the personnel performing the activities during daily operations or during internal audits (in fact, in a mature ISMS the majority of identified nonconformities come from operations personnel rather than from internal audit, because at this level the personnel have already understood the value of nonconformities).

Regarding how long to operate the ISMS so as to have enough evidence to assess nonconformities, an operation period between 15 days and 1 month is a good starting point. Please note that security process cycles can vary (e.g., some processes are performed on a daily, weekly, or monthly basis).  

For further information see:
