The ISO 27001 roadmap will help you understand what an Information Security Management System is and guide you, step by step, from preparation through certification.
- Just starting your ISO 27001 certification research?
- Not sure how to start?
- Worried about knowing all the certification steps in advance?
- Afraid you’ll get mired in the process and never get to certification?
- Looking for an ISO 27001 consultant?
Have no fear – our roadmap will guide you, step by step, through the entire certification process.
Becoming certified is a process made up of things you already know – and things you may already be doing!
STEP 1: CONTEXT
Overall Goal:
Outline the business drivers, stakeholders, requirements, interfaces and dependencies for the scope of the information security program.
Deliverables:
STEP 2: LEADERSHIP
Overall Goal:
Establish leadership commitment, vision, roles and responsibilities for information security management.
Deliverables:
STEP 3: PLANNING
Overall Goal:
Document the risk management process, risk assessment results, risk treatment decisions, selection of controls, objectives and treatment plans.
Deliverables:
STEP 4: SUPPORT
Overall Goal:
Document the resources, competencies, awareness, communication and document management needed to support the information security management plan.
Deliverables:
STEP 5: OPERATION
Overall Goal:
Document operational planning as well as control of planned changes, information security risk assessment and risk treatment.
Deliverables:
STEP 6: PERFORMANCE
Overall Goal:
Document monitoring, measurement, analysis, evaluation, internal audit and management review of the implemented information security program.
Deliverables:
STEP 7: IMPROVEMENT
Overall Goal:
Document corrective actions for nonconformities and continual improvements for the adequacy and effectiveness of the information security program.
Deliverables:
CERTIFICATION
Overall Goal:
Prepare recommendations for people and documentation to be available for the certification audits.