ISO 27001: An Overview Of ISMS Implementation Process

Transcription

ISO 27001: An Overview of ISMS Implementation Process
Presenter: Dejan Kosutic

Open and close your Panel. View, Select, and Test your audio. Submit text questions – they will be addressed throughout the session. Raise your hand.
2016 27001Academy www.advisera.com/27001academy

Which are the mandatory steps in ISO 27001 implementation?
If you’re planning to implement ISO 27001 successfully, you need to know exactly what’s ahead of you.

ISO 27001 doesn’t have to be just another bureaucratic compliance job – if implemented properly, it can be a very efficient tool to achieve business benefits.

Agenda
- ISO 27k family of standards
- 16 steps towards the certification
- How to sell the idea to management
- How long does it take
- How much does it cost
- How to approach the implementation
- Biggest challenges in implementation

ISO 27k family of standards
- ISO 27001
- ISO 27005
- ISO 27002
- ISO 27004

16 steps towards certification (step – resulting document)
- Management support – Budget, HR plan
- Establishing the project – Project plan
- Identify requirements – List of interested parties

16 steps towards certification (continued)
- Scope & management intention – ISMS scope, Policy, objectives
- Risk assessment and treatment – Risk assessment report

16 steps towards certification (continued)
- Which controls to implement – Statement of Applicability
- Who will implement controls, deadlines – Risk treatment plan
- Define how to measure the effectiveness – Measurement methodology

16 steps towards certification (continued)
- Implement controls & support procedures – Documentation
- Implement training & awareness programs – Records
- Operate the ISMS – Records

16 steps towards certification (continued)
- Monitor the ISMS
- Internal audit – Internal audit report, corrective actions
- Management review – Minutes of the meeting

16 steps towards certification (continued)
- Improvements – Corrective actions

How to sell the idea to management
- …ing the expenses
- Optimizing business processes

How long does it take?
- Smaller organizations – up to 8 months
- Medium-sized organizations – 8 to 12 months
- Larger organizations – 12 months

How much does it cost?
Cost structure:
- Direct costs of acquiring knowledge
- Cost of new technology
- Certification body
- Employees’ time

How to approach the implementation
- With own employees only
- Consultant does it all
- Combination of employees and external help

Biggest challenges in ISO 27001 implementation
- Understanding what the standard is and what it requires
- Demonstrating the importance of this framework and gaining the management commitment and funding needed
- The gaps between legacy policies and the current ISO 27001:2013
- Implementing ISO 27001 risk assessment; creating a Risk Register for all the departments
- Scaling the implementation so that it is acceptable for a small company

Conclusions
If set up properly, ISO 27001 can resolve more issues in your organization than you have expected.
Discuss with your colleagues the benefits you could achieve!

Q&A
Dejan Kosutic

Thank you!
http://advisera.com/27001academy/webinars