
ISO 27001: An Overview of ISMS Implementation Process

Presenter: Dejan Kosutic


What are the mandatory steps in ISO 27001 implementation?

If you’re planning to implement ISO 27001, then to succeed you need to know exactly what’s ahead of you.

©2019 27001Academy www.advisera.com/27001academy 2


ISO 27001 doesn’t have to be just another bureaucratic compliance job – if implemented properly, it can be a very efficient tool to achieve business benefits.



Agenda

• ISO 27k family of standards
• 16 steps towards the certification
• How to sell the idea to management
• How long does it take
• How much does it cost
• How to approach the implementation
• Biggest challenges in implementation



ISO 27k family of standards

The diagram places ISO 27001 at the centre, with the supporting standards around it:
• ISO 27002 (guidance on implementing the controls)
• ISO 27004 (monitoring, measurement, analysis and evaluation)
• ISO 27005 (information security risk management)



16 steps towards certification

Each step is listed with the document or record it produces:

1. Management support: budget, HR plan
2. Establishing the project: project plan
3. Identify requirements: list of interested parties
4. Scope & management intention: ISMS scope, policy, objectives
5. Risk process: risk assessment methodology
6. Risk assessment and treatment: risk assessment report
7. Which controls to implement: Statement of Applicability
8. Who will implement controls, deadlines: risk treatment plan
9. Define how to measure the effectiveness: measurement methodology
10. Implement controls & support procedures: documentation
11. Implement training & awareness programs: records
12. Operate the ISMS: records
13. Monitor the ISMS: records
14. Internal audit: internal audit report, corrective actions
15. Management review: minutes of the meeting
16. Improvements: corrective actions



How to sell the idea to management?

Benefits!
• Compliance
• Marketing edge
• Lowering the expenses
• Optimizing business processes
How long does it take?

• Smaller organizations – up to 8 months
• Medium-sized organizations – 8 to 12 months
• Larger organizations – 12+ months



How much does it cost?

Cost structure:
• Direct costs of acquiring knowledge
• Cost of new technology
• Certification body
• Employees’ time



How to approach the implementation

• With own employees only
• Consultant does it all
• Combination of employees and external help



Biggest challenges in ISO 27001 implementation

• Top management commitment, particularly about resources and timeline
• People who think ISO means the ISO team will either roadblock normal operations, cost too much, or stifle innovation
• Knowing how to implement the standard
• Risk analysis and business continuity management
• My boss believes that all 114 Annex A controls are mandatory and wants them all implemented, without doing the risk assessment
Conclusions

If set up properly, ISO 27001 can resolve more issues in your organization than you expected.

Discuss with your colleagues the benefits you could achieve!



Q&A

Dejan Kosutic
Thank you!
http://advisera.com/27001academy/webinars
