2. Content
2/25/2019
2
ISO 27001
Getting Started
Project Goals
Project Key Results
Schedule
Project Organization
Project Risks
Mitigation of Project Risks
Tools and Documents
Reporting
3. ISO 27001
ISO 27001 is the Information Security Management System standard, commonly referred to as "Information Technology – Security Techniques – Information Security Management Systems – Requirements."
ISO/IEC 27001:2013 is the most recent edition of the ISO 27001 standard.
4. ISO 27001
ISO 27001 defines the requirements as follows:
Establishment of an Information Security Management System (ISMS)
Implementation of the ISMS
Maintenance and continual improvement of the ISMS
It presents a systematic approach to securing the sensitive information in an organization.
6. Getting Started
Define the objectives for implementing a security improvement program
Identify the firm's key processes
Understand customers' requirements
Define the scope by comparing the existing security posture with the requirements of ISO 27001
Perform a risk assessment
Manage the identified risks
Implement controls
Prepare and apply for certification
7. Getting Started
Walk through the ISO/IEC 27001 standard, which is organized into the following clauses:
Clause 0-3: Introduction with Scope
Clause 4: Organizational Context
Clause 5: Leadership
Clause 6: Planning
Clause 7: Support
Clause 8: Operation
Clause 9: Performance Evaluation
Clause 10: Improvement
8. Project Goals
Project goals:
To apply the ISO 27001 requirements
To become ready for certification
To meet statutory and regulatory requirements
To identify and address the risks associated with the firm
To obtain ISO 27001 certification by [date] at the earliest
9. Project Key Results
Results of the ISO 27001 implementation project:
ISMS implementation
Implementation of all required processes
Obtaining ISO 27001 certification
10. Schedule
Milestone                                    Due date
Project Initiation
Project Planning
Assessment
Implementation and Application
Internal Auditing
Management Review
Corrective Actions and Preventive Actions
Certification Audit
Continual Improvement Setup
12. Project Risks
Key risks in the project implementation are the following:
Extension of deadlines in the phase of establishing the process approach
Extension of deadlines during the formation of process procedures
Extension of deadlines due to poor selection of exclusions or migrations from the ISO 27001:2013 standard
13. Mitigation of Project Risks
Measures to reduce project risks:
The project manager monitors that all activities in the project are performed within the specified deadlines as per the standards
Consulting with experts to ensure that time or resources are not spent on activities that are unimportant for the project
14. Tools and Documents
The following tools and documents will be used for the project:
A shared folder including all documents such as Word docs, PDFs, Excel files, and project plans produced during the project – [Folder name]