Information Security

PREPARE FOR ISO 27001:2013 INFORMATION SECURITY CERTIFICATION

Phase 1

  • PID (Project Initiation Doc)
  • Drivers, business case
  • Project sponsor, Project manager
  • Buy-in of all stakeholders

Phase 2

  • Define scope
  • Gap assessment
  • Recommendations
  • Road map to address gaps

Phase 3

  • ISMS documentation
  • Risk assessment
  • SoA (Statement of Applicability)
  • Risk treatment plan
  • Define control KPIs, implement controls
  • Awareness, training programs
  • Operate, monitor ISMS

Phase 4

  • Internal audit
  • Management review
  • Corrective action plan, ATR (Action Taken Report)
  • Certification audit stage 1
  • Certification audit stage 2
  • Address NCs (nonconformities)
  • Achieve ISO 27001 certification