ISO 27001 project plan
It is very likely that you will have undertaken some
measures in order to enhance your information security. Locking your doors
at night and doing backups is certainly likely to help!
- What we first need to do is identify the information
assets that we are trying to protect. Once we know these (and there may
be many), we can assess the various risks to which they are, and
potentially could be, subjected.
- Having identified the risks, we select the
controls required to mitigate or reduce these risks and implement them.
Once implemented, we reassess the risk to ensure it is within limits that
are acceptable to the management team.
- We prepare policy statements / procedures and a
statement of applicability to use to both train staff and demonstrate
compliance to a certification body.
- We establish methods of dealing with emergencies
and subsequently reviewing both these and other potential security
incidents. We conduct audits to ensure the controls we have selected.
- As a result of our combined knowledge, we develop
an ongoing risk treatment plan to improve the security of our
information.
- A certification body is invited to assess our
system, and usually, subject to ironing out a few niggles, a certificate
is awarded.
Project lengths can vary hugely. It really depends
upon the size and nature of the organisation, and also on the degree to
which security issues have already been mitigated. Documentation can take
a while to prepare; this is obviously accelerated with our experience.
On average, however, implementation of a system like
this can take between 6 and 12 months. The faster it is implemented, the
more disruptive it can be. Consultancy is typically 20 - 30 days' worth of
work during this period.
No doubt you want to consider your budget for this.