[Diagram: ISO27001 implementation roadmap. Three phases along a timeline running Start, 3 mths, 6 mths, 9 mths, 12 mths, 18 mths.]

Phase 1 – Scope, Design and Build
  • Establish the ISMS

Phase 2 – first cycle of Implement, Operate, Monitor and Improve
  • Implement and Operate
  • Monitor and Review
  • Maintain and Improve

BAU – Operate, Monitor and Improve
  • Plan – Do – Check – Act cycle

Milestones, in order along the timeline:
  • ISMS scope & policy agreed
  • Implementation plan agreed
  • Implementation complete
  • First cycle of internal audits and management reviews completed
  • First cycle of improvements implemented
  • ISMS BAU

Certification track, running alongside the phases:
  • Choose and engage Certification Board
  • Stage 1 Audit (the documentation check)
  • Stage 2 Audit (the big one)
  • Certification confirmed
We follow a two-phased approach, in line with the BSI’s preferred method, to helping clients implement an ISO27001-compliant ISMS. The objective of Phase 1 is to set up the scope and foundation elements of the ISMS, and to define the scope of activities for the next phase. Phase 1 includes:
• identifying the gap between ISO27001 and current processes and controls. Using or refining existing processes and controls to address these gaps will reduce the time and effort, but the design of new processes and controls may also be required
• identifying and determining the value of your information assets through workshops and one-to-one meetings with key staff and management
• assessing the threats, vulnerabilities and risks to your information assets, and determining the options for treating these risks
• preparing the ISO27001 Statement of Applicability on your behalf
• preparing the scope and programme of work for Phase 2, and providing input to further business cases if funding or internal/external resources are required for the implementation or operation of new or revised processes and controls
Our role in this phase of the engagement includes project management, facilitating, document writing and providing subject matter expertise. We can also liaise with the certification body on your behalf.
Phase 2 consists of four work streams:
• Implement is largely defined by the gap analysis and risk assessment activities from the prior phase. Implementation will focus on integrating new and revised security processes and controls into your operational security environment, including training of the personnel earmarked to operate these processes and controls. Our role in this work stream would be project management, facilitating integration and providing training.
• Operate is the normal day-to-day operation of information security management. This includes the management of information security resources and security incident management, as well as training and awareness. Our role in this work stream would be to provide support and hand-holding to the staff responsible for running the ISMS.
• Monitor is the ongoing measurement and assessment of the effectiveness of security controls and of the ISMS itself. This includes activities such as assessing control KPIs, testing control effectiveness, internal audit of the ISMS and management review. Our role in this work stream would be performing effectiveness reviews and internal audits of the ISMS on your behalf.
• Improve is about taking the outputs from the Monitor work stream and identifying and determining improvements that can be made to the ISMS and security controls. Our role here would be to help you design improvements and to integrate them back into the operational ISMS.
[Diagram: Plan – Do – Check – Act cycle]

Once the integration of the ISMS processes and controls is complete, the ISMS becomes a Business-As-Usual (BAU) system, fully operated by your staff, continuously monitoring and improving information security within your business.

Our role from this point onwards would be to support the ‘Plan-Do-Check-Act’ cycle required for continuous improvement of the ISMS: providing resource and expertise for effectiveness reviews, performing the required internal audits of the ISMS, and providing advice and support for managing ISMS change on a ‘call-off’ basis.

Iso27001 Approach