Presentation ISO Final A

Uploaded by Adrick Pedson

IMPLEMENTATION OF ISO 27001 IN AN ORGANIZATION
INTRODUCTION
We are embarking on the implementation of ISO/IEC 27001 to enhance our information security management system (ISMS). This international standard will help us manage sensitive information, ensuring its confidentiality, integrity, and availability. Our roadmap includes obtaining management support, conducting risk assessments, implementing security controls, and continuously improving our ISMS. This plan, based on extensive online research and expert advice, aligns with our business goals and regulatory requirements.
• We are ready to receive further guidance to ensure a successful implementation.
PHASE 1: INITIATION
• Management Commitment
  - top management support,
  - roles and responsibilities.
• Project Planning
  - project manager appointment,
  - detailed project plan,
  - timelines,
  - milestones,
  - cross-functional collaboration.
• Define ISMS Scope
  - scope definition,
  - organizational boundaries,
  - asset identification,
  - management approval.
PHASE 2: RISK ASSESSMENT AND TREATMENT
• Asset Inventory
  - inventory creation,
  - information assets,
  - asset classification,
  - criticality assessment,
  - sensitivity analysis.
• Risk Assessment
  - threat identification,
  - vulnerability analysis,
  - risk impact,
  - likelihood evaluation.
• Risk Treatment Plan
  - control selection,
  - Annex A controls,
  - develop risk mitigation,
  - action plan development,
  - management approval.
PHASE 3: IMPLEMENTATION
• Develop Policies and Procedures
• Implement Controls
• Document the ISMS
• Training and Awareness
PHASE 4: MONITORING AND REVIEW
• Monitor ISMS Performance
• Internal Audit
• Management Review
PHASE 5: CERTIFICATION
5.1 Selecting a Certification Body
1. Accreditation
2. Experience
3. Reputation
4. Scope of Services
5. Geographic Reach
6. Cost
CB Selection Process
• Research
• Request Proposals
• Evaluate Proposals
• Interview CBs
• Select CB
PHASE 5: CERTIFICATION
5.2 Stage 1 Audit
Evaluate whether your ISMS documentation meets the requirements of ISO/IEC 27001.
1. Preparation
• Documentation
• Self-Assessment
• Organize Documents
2. Common Findings
• Incomplete Documentation
• Scope Definition Issues
3. Addressing Findings
• Corrective Actions
• Documentation Updates
• Management Review
PHASE 5: CERTIFICATION
5.3 Stage 2 Audit
It involves an on-site visit by the certification body.
a. On-Site Audit Preparation
  i. Audit Planning
  ii. Staff Preparation
b. Conducting the Audit
  i. Evidence Review
  ii. Site Tours
  iii. Audit Findings
5.4 Achieving Certification
  i. Review of Evidence
  ii. Certification Award
  iii. Certificate Issuance
PHASE 6: POST-CERTIFICATION
• Celebrate Achievement
• Display Certification
• Ongoing Compliance: maintain compliance with ISO/IEC 27001 by:
  - regularly monitoring and reviewing the ISMS,
  - conducting periodic internal audits,
  - holding regular management reviews,
  - continuously improving ISMS practices.
1. Surveillance Audits
• Annual Surveillance
• Address Findings
2. Re-Certification
• Three-Year Cycle
• Re-Certification Audit
• Preparation for Re-Certification