Expert Advice Community

Template content

Guest user Created:   Mar 24, 2018 Last commented:   Mar 28, 2018

Could you please help me if there is any document available for A.6.1.5?
0 0


Expert
Rhand Leal Mar 24, 2018

Answer: Unfortunately, we do not have a template or tool specifically covering Information Security in Project Management (this specific document is not mandatory for ISO 27001), but there are many similarities with implementing an ISMS that you can use to drive the implementation of this control in a specific project:
1 – You have to define information security objectives, the same way you define information security objectives for an ISMS aligned with the organization's objectives; the only difference is that these objectives are restricted to the scope of the project.
2 – You have to perform, at the beginning and periodically, information risk assessments in the project, like you would do with other business processes, to identify necessary controls.
3 – You have to ensure that information security practices are part of all phases of the project (e.g., from the issue of the project charter to project closing).

In short, you can think of the inclusion of information security in project management as if you were going to implement a small ISMS that fits the project's needs and is proportional to the project's lifetime and budget.

Considering this, I suggest you take a look at the free demo of our Risk Assessment Toolkit (https://advisera.com/27001academy/iso-27001-22301-risk-assessment-toolkit/) and our online tool, Conformio (https://advisera.com/conformio/), since they can be used in the scope of a project to ensure information security is properly implemented and managed.

This article will provide you with further explanation about information security in project management:
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/blog/2015/07/06/how-to-manage-security-in-project-management-according-to-iso-27001-a-6-1-5/

This material will also help you regarding information security in project management:
- Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
0 0
Expert
Rhand Leal Mar 28, 2018
We received this question:

>I read the answer..
>
>In short, we need to make sure that all the other development projects that we undertake in the company should have risk assessment done somewhere in the project charter or project plan.
>
>or maybe some document that does the project requirement analysis and identifies the risks before initiating the design phase
>
>Correct me if I am wrong..

Answer: You must consider risk assessment in all phases of the projects (initiation, planning, execution, control and closing). The best way to ensure that is, as you assumed, by using a document to define how risks must be assessed and treated and when risk assessments must be performed. And the best part is that you can use the same risk assessment and treatment methodology you adopted for your organization (remember, the process is the same, either for the whole organization or for a single project, the only difference being that the project's scope is smaller than the organization's).
0 0
