ISO 27001: An Overview of ISMS Implementation Process Presenter: Dejan Kosutic


Page 1

ISO 27001: An Overview of ISMS Implementation Process

Presenter: Dejan Kosutic

Page 2

©2016 27001Academy www.advisera.com/27001academy

Webinar controls:
• Open and close your Panel
• View, Select, and Test your audio
• Submit text questions – they will be addressed throughout the session
• Raise your hand

Page 3

Which are the mandatory steps in ISO 27001 implementation?

If you’re planning to implement ISO 27001… to succeed, you need to know exactly what’s ahead of you.

Page 4

ISO 27001 doesn’t have to be just another bureaucratic compliance job – if implemented properly, it can be a very efficient tool to achieve business benefits.

Page 5

Agenda

• ISO 27k family of standards
• 16 steps towards the certification
• How to sell the idea to management
• How long does it take
• How much does it cost
• How to approach the implementation
• Biggest challenges in implementation

Page 6

ISO 27k family of standards

[Diagram: ISO 27001 at the centre, surrounded by ISO 27002, ISO 27004 and ISO 27005]

Page 7

16 steps towards certification…

Steps:
• Identify requirements
• Management support
• Establishing the project

Documents and records:
• Project plan
• Budget, HR plan
• List of interested parties

Page 8

…16 steps towards certification…

Steps:
• Scope & management intention
• Risk process
• Risk assessment and treatment

Documents and records:
• Risk assessment methodology
• ISMS scope, Policy, objectives
• Risk assessment report

Page 9

…16 steps towards certification…

Steps:
• Which controls to implement
• Who will implement controls, deadlines
• Define how to measure the effectiveness

Documents and records:
• Risk treatment plan
• Statement of Applicability
• Measurement methodology

Page 10

…16 steps towards certification…

Steps:
• Implement controls & support procedures
• Implement training & awareness programs
• Operate the ISMS

Documents and records:
• Records
• Documentation
• Records

Page 11

…16 steps towards certification…

Steps:
• Monitor the ISMS
• Internal audit
• Management review

Documents and records:
• Internal audit report, corrective actions
• Records
• Minutes of the meeting

Page 12

…16 steps towards certification

Step:
• Improvements

Documents and records:
• Corrective actions

Page 13

How to sell the idea to management?

Benefits!
• Compliance
• Marketing edge
• Lowering the expenses
• Optimizing business processes

Page 14

How long does it take?

• Smaller organizations – up to 8 months
• Medium sized organizations – 8 to 12 months
• Larger organizations – 12+ months

Page 15

How much does it cost?

Cost structure:
• Direct costs of acquiring knowledge
• Cost of new technology
• Certification body
• Employees’ time

Page 16

How to approach the implementation

• With own employees only
• Consultant does it all
• Combination of employees and external help

Page 17

Biggest challenges in ISO 27001 implementation

• Understanding what the standard is and what it requires
• Demonstrating the importance of this framework and gaining the management commitment and funding needed
• The gaps between legacy policies and the current ISO 27001:2013
• Implementing the ISO 27001 risk assessment; creating a Risk Register for all the departments
• Scaling the implementation so that it is acceptable for a small company

Page 18

Conclusions

If set up properly, ISO 27001 can resolve more issues in your organization than you have expected.

Discuss with your colleagues the benefits you could achieve!

Page 19

Q & A

Dejan Kosutic

Page 20

http://advisera.com/27001academy/webinars

Thank you!