The ISO 27001 roadmap will help you understand what an Information Security Management System is and guide you, step by step, from preparation through certification.
- Just starting your ISO 27001 certification research?
- Not sure how to start?
- Worried about knowing all the certification steps in advance?
- Afraid you’ll get mired in the process and never get to certification?
- Looking for an ISO 27001 consultant?
Have no fear – our roadmap will guide you, step by step, through the entire certification process.
Becoming certified is a process made up of things you already know – and things you may already be doing!
STEP 1: CONTEXT
Overall Goal:
Outline the business drivers, stakeholders, requirements, interfaces and dependencies for the scope of the information security program.
Deliverables:
- Information Security Context Assessment
- Information Security Scope Statement
STEP 2: LEADERSHIP
Overall Goal:
Establish leadership commitment, vision, roles and responsibilities for information security management.
Deliverables:
- Information Security Management Charter
- Information Security Policy
- Information Security RACI Chart
STEP 3: PLANNING
Overall Goal:
Document the risk management process, risk assessment results, risk treatment decisions, selection of controls, objectives and treatment plans.
Deliverables:
- Information Security Risk Management Process
- Information Security Risk Assessment and Treatment Spreadsheets
- Information Security Controls Gap Assessment
- Preliminary Statement of Applicability
- Information Security Management Plan
STEP 4: SUPPORT
Overall Goal:
Document the resources, competencies, awareness, communication and document management needed to support the information security management plan.
Deliverables:
- ISMS Budget Review
- ISMS Competencies Assessment
- ISMS Awareness Review
- ISMS Communication Plan
- ISMS Document Management Standard
STEP 5: OPERATION
Overall Goal:
Document operational planning as well as control of planned changes, information security risk assessment and risk treatment.
Deliverables:
- ISMS Manual
- Information Security Policies
- Updated Information Security Plan
- Updated Information Security Risk Assessment and Treatment Spreadsheets
- Final Statement of Applicability
STEP 6: PERFORMANCE
Overall Goal:
Document monitoring, measurement, analysis, evaluation, internal audit and management review of the implemented information security program.
Deliverables:
- Information Security Metrics
- Internal Audit Program
- Internal Audit Agenda
- Internal Audit Report
- Information Security Management Review Agenda & Meeting Minutes
STEP 7: IMPROVEMENT
Overall Goal:
Document corrective actions for nonconformities and continual improvements for the adequacy and effectiveness of the information security program.
Deliverables:
- Corrective Action Plan(s)
- Continual Improvement Plan(s)
CERTIFICATION
Overall Goal:
Prepare recommendations for people and documentation to be available for the certification audits.
Deliverables:
- Recommendations for Certification Audit Preparation
- Corrective Action Plans for Certification Audit Findings