ISO 27001 Information Security Implementation Steps

A consultant will be appointed to manage your implementation project.

Project Initiation Meeting

Meeting with client’s senior management to define the organisational requirements, the information technology infrastructure and the scope of the implementation.

Gap Analysis Report Generation

We will complete a gap analysis report of the organisation's position regarding ISO 27001:2013 implementation.

Project Planning Reviews

We will create a Project Plan that will detail the actions required, the timelines and the assigned responsibilities. Our consultant will proactively manage the project by setting up and completing regular reviews with the organisation's project team.

Organisational Context Review

Our Consultant will assist you in:

  • Determining the relevant external and internal issues that affect the organisation's ability to achieve the intended outcomes of its information security management system.
  • Identifying the requirements of interested parties that are relevant to information security.

Implement IS Risk Management Processes

We will assist you in identifying the information security risks that exist in your business by completing a set of IS risk assessments.

Develop Risk Treatment Plan

In conjunction with the implementation project team, we will assist you in developing and implementing the required security controls that will protect your organisation's information assets.

Produce a Statement of Applicability (SoA)

We will consult with your project implementation team and then document the organisation's Statement of Applicability. The SoA summarises your organisation's position regarding the controls you have selected to address information security risks. The SoA is a key document, as it details how an organisation will implement a substantial part of its information security plan.

Guidance and Support

During the life of the project, our consultant will provide support and guidance to you by phone, email and webinar.

Develop IS Objectives

Our consultant will assist the organisation in completing an analysis of its security requirements, its security risk assessments and treatment plans before deciding upon an appropriate set of information security objectives.

Produce Required ISMS Documentation

Our consultant will assist you in the compilation of all documentation requirements that satisfy the needs of the ISO 27001:2013 standard.

Deliver IS Staff Training

We will train your staff in their roles regarding the operation and management of the ISO 27001:2013 standard.

Verify the ISMS - Internal Audit

Our consultant will complete a set of onsite internal compliance audits and reports.

Management Review

Our consultant will chair the initial management review and prepare a draft of the management review minutes.

Auditing Body Management

We will manage all communications with your chosen auditing body.

On Site Certification Audit Support

If required by you, our consultant will act as your onsite system consultant during the certification audit. Alternatively, we will provide you with remote support by phone and email, whereby we will address any questions raised by the certification body during the Stage 1 or Stage 2 audits.

Benefits of ISO 27001:2013 Certification

  • Avoid potential financial penalties and losses arising from data breaches.
  • Reduce risk exposure.
  • Comply with business, legal, contractual and regulatory requirements.
  • Protect your data and intellectual property.
  • Enhance your reputation, leading to new business opportunities.
  • Reduce the requirement for frequent customer audits.
  • Provide a framework for developing a culture of security within the organisation.