ISO 27001:2013 Implementation procedure

Download to read offline

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

ISO 27001:2013 Implementation procedure

Implementing ISO 27001:2013 from scratch in 35 simple steps

Plan

1. Obtain top management approval for implementation of an ISO 27001:2013 based ISMS in the organization
2. Gather information about the organization and its industry
3. Understand the organization's industry
4. Gather background information about the organization's products and services
5. Understand the organization's external and internal issues
6. Identify the organization's competitors
7. Identify the organization's interested parties
8. Understand the needs and expectations of interested parties
9. Understand the organization's legal, regulatory and contractual requirements
10. Understand the interfaces and interdependencies between activities performed by the organization
11. Understand the organization's ISMS requirements
12. Understand the requirements of interested parties relevant to the ISMS
13. Determine the scope for ISMS implementation (locations, sites and/or functions ready to implement the ISMS)
14. Define the overall IS Policy, including IS Objectives, applicable business requirements and top management commitment to continual improvement
15. Define the risk assessment process (risk assessment criteria and risk acceptance criteria)
16. Define the risk treatment process
17. Develop a project plan for the ISO 27001:2013 based ISMS implementation
18. Present the project plan to top management for approval and secure top management assurance for the project and the necessary support and resources

Do

19. Define IS objectives at all relevant functions and levels
20. Perform risk assessment
    a. Identify IS risks
    b. Identify Risk Owners
    c. Analyze IS risks (assess consequences, likelihood and risk level)
    d. Evaluate IS risks (compare with the risk criteria and prioritize)
21. Perform risk treatment
    a. Select appropriate controls
    b. Compare the selected controls with Annex A of the ISO 27001:2013 Standard
    c. Develop the SoA (Statement of Applicability)
    d. Develop Risk Treatment Plans
22. Obtain Risk Owners' approval
23. Implement the risk treatment plans (staff, infrastructure, technical controls, managerial controls such as employment/contract agreements, NDAs etc.)
24. Define ISMS performance measurements and metrics
25. Develop the ISMS audit program plan
26. Define and assign ISMS roles and responsibilities
27. Develop the necessary IS documentation
28. Develop an ISMS Communication Plan considering all ISMS interested parties
29. Conduct the necessary IS training for employees and contractors
30. Carry out the necessary IS awareness initiatives
31. Operate the ISMS (record IS events, activities, communications, changes, incidents, accidents and NCs, i.e. nonconformities)

Check

32. Check ISMS performance periodically
    a. Review the various ISMS performance measurements and metrics
    b. Conduct periodic risk assessments
    c. Perform periodic internal and regulatory audits
    d. Collect feedback from interested parties
    e. Carry out periodic Management Reviews of ISMS performance
33. Report to the appropriate management at defined time intervals

Act

34. Decide on the corrective actions to be taken
35. Develop plans for implementing ISMS improvements