ISO 27001: An Overview of ISMS Implementation Process
Presenter: Dejan Kosutic
©2016 27001Academy www.advisera.com/27001academy
• Open and close your Panel
• View, Select, and Test your audio
• Submit text questions – they will be addressed throughout the session
• Raise your hand
Which are the mandatory steps in ISO 27001 implementation?
If you’re planning to implement ISO 27001…
… to succeed, you need to know exactly what’s ahead of you
ISO 27001 doesn’t have to be just another bureaucratic compliance job – if implemented properly, it can be a very efficient tool to achieve business benefits.
Agenda
• ISO 27k family of standards
• 16 steps towards the certification
• How to sell the idea to management
• How long does it take
• How much does it cost
• How to approach the implementation
• Biggest challenges in implementation
ISO 27k family of standards
• ISO 27001
• ISO 27002
• ISO 27004
• ISO 27005
16 steps towards certification…
• Step 1: Identify requirements (deliverable: list of interested parties)
• Step 2: Management support (deliverables: budget, HR plan)
• Step 3: Establishing the project (deliverable: project plan)
…16 steps towards certification…
• Step 4: Scope & management intention (deliverables: ISMS scope, policy, objectives)
• Step 5: Risk process (deliverable: risk assessment methodology)
• Step 6: Risk assessment and treatment (deliverable: risk assessment report)
…16 steps towards certification…
• Step 7: Which controls to implement (deliverable: Statement of Applicability)
• Step 8: Who will implement controls, deadlines (deliverable: risk treatment plan)
• Step 9: Define how to measure the effectiveness (deliverable: measurement methodology)
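The deliverables of steps 5 to 9 (risk assessment methodology, risk assessment report, Statement of Applicability, risk treatment plan, measurement methodology) are easier to picture when you see one tiny risk register flow through them. The following is an added worked example written for this page; it is not code from the presentation or from 27001Academy. The 1-5 likelihood and impact scales, the acceptance level of 8, the sample assets, ratings, owners and deadlines are all constructed assumptions, since ISO 27001 only requires that the organization define its own criteria. The control identifiers are a small excerpt of ISO 27001:2013 Annex A with paraphrased titles.

```python
"""Toy ISO 27001 risk assessment, treatment plan and Statement of Applicability.
Added example for this page; scales, acceptance level and sample data are constructed."""
from dataclasses import dataclass

# Constructed 1-5 scales and acceptance criterion (assumption, not from the slides).
SCALE_MIN, SCALE_MAX = 1, 5
RISK_ACCEPTANCE_LEVEL = 8          # risk score = likelihood x impact; anything above this is treated

# Small excerpt of ISO 27001:2013 Annex A control identifiers (titles paraphrased).
CONTROL_CATALOGUE = {
    "A.7.2.2": "Information security awareness, education and training",
    "A.9.4.2": "Secure log-on procedures",
    "A.10.1.1": "Policy on the use of cryptographic controls",
    "A.12.3.1": "Information backup",
    "A.12.6.1": "Management of technical vulnerabilities",
}


@dataclass(frozen=True)
class Risk:
    """One row of the risk register (asset / threat / vulnerability style)."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: int            # 1 (rare) .. 5 (almost certain)
    impact: int                # 1 (negligible) .. 5 (severe)
    owner: str                 # person accountable for the treatment
    controls: tuple            # Annex A controls selected to treat the risk
    residual_likelihood: int   # likelihood expected once the controls are in place
    deadline: str              # implementation deadline for the treatment plan

    def __post_init__(self):
        # The methodology is only usable if every rating is on the agreed scale
        # and every selected control exists in the catalogue.
        for value in (self.likelihood, self.impact, self.residual_likelihood):
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"{self.asset}: rating {value} outside {SCALE_MIN}-{SCALE_MAX} scale")
        unknown = [c for c in self.controls if c not in CONTROL_CATALOGUE]
        if unknown:
            raise ValueError(f"{self.asset}: controls not in catalogue: {unknown}")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

    @property
    def residual_score(self) -> int:
        return self.residual_likelihood * self.impact


def risk_assessment_report(register, acceptance_level=RISK_ACCEPTANCE_LEVEL):
    """Rank every risk and flag those above the acceptance level (the risk assessment report)."""
    rows = [{"asset": r.asset, "threat": r.threat, "score": r.score,
             "treat": r.score > acceptance_level} for r in register]
    return sorted(rows, key=lambda row: row["score"], reverse=True)


def risk_treatment_plan(register, acceptance_level=RISK_ACCEPTANCE_LEVEL):
    """One action per (risk, control) for every unacceptable risk: who implements it and by when.
    Refuses a plan whose controls would still leave residual risk above the acceptance level."""
    plan = []
    for r in register:
        if r.score <= acceptance_level:
            continue                       # accepted as-is, no action needed
        if not r.controls or r.residual_score > acceptance_level:
            raise ValueError(f"{r.asset}: residual risk {r.residual_score} still above {acceptance_level}")
        for control in r.controls:
            plan.append({"asset": r.asset, "control": control, "owner": r.owner, "deadline": r.deadline})
    return plan


def statement_of_applicability(register, acceptance_level=RISK_ACCEPTANCE_LEVEL):
    """Every catalogue control with applicable yes/no and the risks that justify selecting it."""
    justification = {}
    for r in register:
        if r.score > acceptance_level:
            for control in r.controls:
                justification.setdefault(control, []).append(f"{r.asset} / {r.threat}")
    return {cid: {"title": title, "applicable": cid in justification,
                  "justification": "; ".join(justification.get(cid, ["not required by any assessed risk"]))}
            for cid, title in CONTROL_CATALOGUE.items()}


def risk_reduction_ratio(register, acceptance_level=RISK_ACCEPTANCE_LEVEL):
    """A simple effectiveness measure: fraction of the treated risks' score removed by the planned controls."""
    treated = [r for r in register if r.score > acceptance_level]
    before = sum(r.score for r in treated)
    after = sum(r.residual_score for r in treated)
    return (before - after) / before if before else 0.0


# Constructed sample register (assets, ratings, owners and deadlines are invented).
SAMPLE_REGISTER = (
    Risk("Customer database", "Ransomware", "No tested offline backups", 4, 5, "IT manager",
         ("A.12.3.1", "A.12.6.1"), 1, "2016-09-30"),
    Risk("Staff laptops", "Phishing", "No awareness training", 4, 3, "HR manager",
         ("A.7.2.2",), 2, "2016-08-31"),
    Risk("Public website", "Password guessing", "No account lockout", 3, 3, "Web administrator",
         ("A.9.4.2",), 1, "2016-07-31"),
    Risk("Office printer", "Hardware failure", "Single device", 2, 1, "Office manager",
         (), 2, "n/a"),
)

if __name__ == "__main__":
    for row in risk_assessment_report(SAMPLE_REGISTER):
        print(row)
    for action in risk_treatment_plan(SAMPLE_REGISTER):
        print(action)
    for cid, entry in statement_of_applicability(SAMPLE_REGISTER).items():
        print(cid, entry)
    print(f"planned risk reduction: {risk_reduction_ratio(SAMPLE_REGISTER):.0%}")
```

Two design points carry over to a real ISMS: the treatment plan refuses to close a risk whose residual score is still above the acceptance level, which is exactly the check an auditor looks for, and the Statement of Applicability lists every control in the catalogue, not only the selected ones, so that excluded controls carry an explicit justification.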
…16 steps towards certification…
• Step 10: Implement controls & support procedures (deliverable: documentation)
• Step 11: Implement training & awareness programs (deliverable: records)
• Step 12: Operate the ISMS (deliverable: records)
…16 steps towards certification…
• Step 13: Monitor the ISMS (deliverable: records)
• Step 14: Internal audit (deliverables: internal audit report, corrective actions)
• Step 15: Management review (deliverable: minutes of the meeting)
…16 steps towards certification
• Step 16: Improvements (deliverable: corrective actions)
How to sell the idea to management?
Benefits!
• Compliance
• Marketing edge
• Lowering the expenses
• Optimizing business processes
How long does it take?
• Smaller organizations – up to 8 months
• Medium sized organizations – 8 to 12 months
• Larger organizations – 12+ months
How much does it cost?
Cost structure:
• Direct costs of acquiring knowledge
• Cost of new technology
• Certification body
• Employees’ time
How to approach the implementation?
• With own employees only
• Consultant does it all
• Combination of employees and external help
Biggest challenges in ISO 27001 implementation
• Understanding what the standard is and what it requires
• Demonstrating the importance of this framework and gaining management commitment and the funding needed
• The gaps between legacy policies and current ISO 27001:2013
• Implementing ISO 27001 risk assessment; creating Risk Register for all the departments
• Scaling the implementation so that it is acceptable for a small company
Conclusions
If set up properly, ISO 27001 can resolve more issues in your organization than you have expected.
Discuss with your colleagues the benefits you could achieve!
Q & A
Dejan Kosutic